RHEL 9 : libvpx (RHSA-2025:14140)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14140 advisory. The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia...

RHEL 9 : libvpx (RHSA-2025:14139)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:14139 advisory. The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia...

CVE-2025-38583

CVE-2025-38583 affects the Linux kernel clk xilinx vcu clock provider. The issue occurs when registration of pll_post fails and the code attempts to unregister it, which can lead to a NULL pointer dereference during clk_hw_unregister calls. The fix is to unregister pll_post only if it was registe...

CVE-2025-38583 clk: xilinx: vcu: unregister pll_post only if registered correctly

In the Linux kernel, the following vulnerability has been resolved: clk: xilinx: vcu: unregister pllpost only if registered correctly If registration of pllpost is failed, it will be set to NULL or ERR, unregistering same will fail with following call trace: Unable to handle kernel NULL pointer...

Linux Distros Unpatched Vulnerability : CVE-2019-12454

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in wcd9335codecenabledec in sound/soc/codecs/wcd9335.c in the Linux kernel through 5.1.5. It uses kstrndup instead of kmemdupnul, which...

Huawei HarmonyOS audio codec module array index improper validation vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An improper array index validation vulnerability exists in the Huawei HarmonyOS audio codec module, which can be exploited by an attacker to cause audio...

Huawei HarmonyOS audio codec module out-of-bounds access vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An out-of-bounds access vulnerability exists in the Huawei HarmonyOS audio codec module, which can be exploited by an attacker to cause a usability impact...

OESA-2025-2039 openjpeg2 security update

OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group JPEG. Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000...

Security Bulletin: The Document Service Container of IBM Stelring B2B Integrator and IBM Sterling File Gateway is vulnerable to Informaton Disclosure (177835)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure security vulnerability Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper...

ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +17933 more potentially affected by CVE-2025-55163 via io.netty:netty-codec-http2 (>=4.1.0.Beta4 <=4.1.123.Final)

io.netty:netty-codec-http2 MAVEN version =4.1.0.Beta4, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 -...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +3043 more potentially affected by CVE-2025-55163 via io.netty:netty-codec-http2 (>=4.2.0.Alpha1 <=4.2.3.Final)

io.netty:netty-codec-http2 MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2025-55163 Source advisory: OSV:GHSA-PRJ3-CCX8-P6X4...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +3043 more potentially affected by CVE-2025-55163 via io.netty:netty-codec-http2 (>=4.2.0.Alpha1 <=4.2.3.Final)

io.netty:netty-codec-http2 MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2025-55163 Source advisory: SNYK:JAVA-IONETTY-11799531...

Allocation of Resources Without Limits or Throttling

Overview io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the improper handling of concurrently acti...

BIT-LIBPYTHON-2020-27619

In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP...

Linux Distros Unpatched Vulnerability : CVE-2024-38551

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Assign dummy when codec not specified for a DAI link MediaTek sound card...

Linux Distros Unpatched Vulnerability : CVE-2024-43818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: Adjust error handling in case of absent codec device acpigetfirstphysicalnode can...

Linux Distros Unpatched Vulnerability : CVE-2024-40964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41hdaunbind The cs35l41hdaunbi...

CVE-2025-54650

Improper array index verification vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect the audio decoding function...

CVE-2025-54609

Out-of-bounds access vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2025-54610

Out-of-bounds access vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect availability...