CLSA-2026-1779369622 rsync: Fix of CVE-2026-43618

CVE-2026-43618: fix integer overflow in compressed-token decoder allowing remote memory disclosure via crafted compressed stream...

SUSE CVE-2026-6385

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...

📄 Frigate NVR 0.16.3 Remote Command Execution

This Python exploit targets a critical configuration manipulation vulnerability in Frigate NVR versions up to 0.16.3 both authenticated and unauthenticated paths. By injecting a malicious go2rtc stream and a fake camera entry, it triggers arbitrary command execution as the Frigate process during...

CVE-2025-66379

Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service...

EUVD-2011-3846

Malware in sbrugna...

EUVD-2016-0776

Malware in sbrugna...

SUSE CVE-2024-55627

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer...

SUSE CVE-2024-46461

VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream heap based overflow. If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the...

CVE-2024-46461

VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream heap based overflow. If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the...

OESA-2024-1504 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small...

s2n-quic potential denial of service via crafted stream frames

Impact An issue in s2n-quic could result in unnecessary resource utilization when peers open streams beyond advertised limits. Impacted versions: = v1.30.0. Patches The patch is included in v1.31.0 1. Workarounds There is no workaround. Applications using s2n-quic should upgrade to the most recen...

GHSA-475V-PQ2G-FP9G s2n-quic potential denial of service via crafted stream frames

Impact An issue in s2n-quic could result in unnecessary resource utilization when peers open streams beyond advertised limits. Impacted versions: = v1.30.0. Patches The patch is included in v1.31.0 1. Workarounds There is no workaround. Applications using s2n-quic should upgrade to the most recen...

SUSE CVE-2005-2096

zlib 1.2 and later versions allows remote attackers to cause a denial of service crash via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file...

SUSE CVE-2009-1391

Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service hang or crash via a crafted zlib compressed stream that triggers a...

SUSE CVE-2011-2896

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gifreadlzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte functio...

SUSE CVE-2011-2895

The LZW decompressor in 1 the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and 2 compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products,...

SUSE CVE-2017-11665

The ffamfgetfieldvalue function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service Segmentation Violation and application crash via a crafted stream...

SUSE CVE-2020-15987

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream...

DEBIAN-CVE-2020-15987

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream...

Design/Logic Flaw

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream...