Linux Distros Unpatched Vulnerability : CVE-2026-8529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video...

PT-2026-41058

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A heap buffer overflow in Codecs allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted video file. A heap buffer overflow occurs when a program writes...

CVE-2026-43478

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spkmodeput The correct helper to use in rt1011recvspkmodeput to retrieve the DAPM context is sndsoccomponenttodapm, from kcontrol we will receive NULL pointer...

UBUNTU-CVE-2026-43478

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spkmodeput The correct helper to use in rt1011recvspkmodeput to retrieve the DAPM context is sndsoccomponenttodapm, from kcontrol we will receive NULL pointer...

CVE-2026-43478

CVE-2026-43478 affects the Linux kernel ASoC: codecs for the rt1011 driver. The vulnerability stems from using an incorrect helper to obtain the DAPM context in spk_mode_put(): the code should call snd_soc_component_to_dapm() , otherwise a NULL pointer may be returned from kcontrol. The connected...

CVE-2026-43478

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spkmodeput The correct helper to use in rt1011recvspkmodeput to retrieve the DAPM context is sndsoccomponenttodapm, from kcontrol we will receive NULL pointer...

AlmaLinux 9 : thunderbird (ALSA-2026:15892)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:15892 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScrip...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability caused by a heap buffer overflow issue in the Codecs component. This vulnerability could allow remote attackers to execute arbitrary code within a sandbox...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability, which was caused by an out-of-bounds write issue in the Codecs component. This vulnerability could allow remote attackers to execute a sandbox escap...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability caused by Codecs integer overflow. This vulnerability could allow remote attackers to exploit the system through specially crafted video files, resulting in...

freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0

A division by zero flaw has been discovered in FreeRDP. This division by zero exists in the MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize where blocksize = context-common.format.nBlockAlign. The...

firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Uninitialized memory in the Audio/Video: Web Codecs component...

firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Uninitialized memory in the Audio/Video: Web Codecs component...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...

MGASA-2026-0125 Updated thunderbird packages fix security vulnerabilities

Use-after-free in the DOM: Core & HTML component. CVE-2026-6746 Use-after-free in the WebRTC component. CVE-2026-6747 Uninitialized memory in the Audio/Video: Web Codecs component. CVE-2026-6748 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. CVE-2026-6749...

Updated rootcerts, nss & firefox packages fix security vulnerabilities

Use-after-free in the DOM: Core & HTML component. CVE-2026-6746 Use-after-free in the WebRTC component. CVE-2026-6747 Uninitialized memory in the Audio/Video: Web Codecs component. CVE-2026-6748 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. CVE-2026-6749...

CVE-2026-7981

An out of bounds read flaw was found in the Codecs component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497926602...

CVE-2026-7933

An out of bounds read flaw was found in the WebCodecs component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=488585490...

CVE-2026-43310

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produ...

CVE-2026-43310

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produ...