Lucene search

49 matches found

Tenable Nessus
added 2 days ago, 3 views

Ubuntu 24.04 LTS : FFmpeg vulnerability (USN-8329-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8329-1 advisory. It was discovered that the FFmpeg CAF decoder incorrectly handled certain file size calculations. An attacker could possibly use this issue to cause FFmpeg to...

CVSS 6.2 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 2

Snyk
added 2026/05/18 8:33 p.m., 1 view

Uncontrolled Recursion

Overview: Magick.NET-Q16-OpenMP-x64 is a Magick.NET build that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs at https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

CVSS 6.9 | AI score 5.8
Exploits: 0 | References: 3

GitHub Security Blog
added 2026/05/18 5:53 p.m., 10 views

ImageMagick: Policy Bypass in PSD decoder

Due to a missing check in the PSD decoder it would be possible to bypass the list-length resource policy when decoding a PSD image. Other security limits would still apply...

AI score 5.8
Exploits: 0 | References: 2 | Affected Software: 18

RedHat Linux
added 2026/05/11 4:22 p.m., 6 views

freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks

An out-of-bounds read flaw has been discovered in FreeRDP. This out-of-bounds read exists in the MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. An attacker may be able to leverage this weakness to leak global data...

CVSS 9.4 | AI score 5.7 | EPSS 0.00058
Exploits: 1 | References: 6

OSV
added 2026/04/25 5:50 a.m., 2 views

OESA-2026-2087 musl security update

musl is an implementation of the C standard library built on top of the Linux system call API, including interfaces defined in the base language standard, POSIX, and widely agreed-upon extensions. It is lightweight, fast, simple, free, and strives to be correct in the sense of standards conforman...

CVSS 8.1 | AI score 5.2 | EPSS 0.0002
Exploits: 1 | References: 3

RedhatCVE
added 2026/04/21 1:22 a.m., 1 view

CVE-2026-29645

NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector (RVV) decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings to be misinterpreted an...

CVSS 7.5 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 1

EUVD
added 2026/04/20 9:31 p.m., 0 views

EUVD-2026-23937

NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector (RVV) decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings to be misinterpreted an...

AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/20 12:0 a.m., 0 views

PT-2026-33826

NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector (RVV) decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings to be misinterpreted an...

CVSS 7.5 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 8

CVE
added 2026/04/20 12:0 a.m., 2 views

CVE-2026-29645

CVE-2026-29645 (NEMU/OpenXiangShan/NEMU): The RVV decoder in NEMU before v2025.12.r2 has an improper instruction-validation flaw: it does not properly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl. As a result, certain invalid OP-V instruction encodings can be misinterpreted an...

CVSS 7.5 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2026/04/16 12:0 a.m., 4 views

openCryptoki security vulnerability

openCryptoki is an open-source library and tool for Linux that utilizes the PKCS11 standard. Versions of openCryptoki 3.26.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the BER/DER decoding functions in the shared public libraries, which trust the BER length fiel...

CVSS 6.8 | AI score 5.9 | EPSS 0.00019
Exploits: 1 | References: 2

Tenable Nessus
added 2026/03/24 12:0 a.m., 1 view

RHEL 7 : ImageMagick (RHSA-2026:5573)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5573 advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fixes...

CVSS 8.6 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 6

CNNVD
added 2026/02/20 12:0 a.m., 3 views

PJSIP security vulnerability

PJSIP is a free and open-source multimedia communication library written in C. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Versions of PJSIP 2.16 and earlier contained security vulnerabilities, which stemmed from a heap buffer...

CVSS 9.3 | AI score 6.5 | EPSS 0.00014
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/27 8:59 a.m., 1 view

CVE-2026-24823

Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lvimgpng/PNGdec/src modules). This vulnerability is associated with program files inflate.C. This issue affects X-TRACK: through v2.7...

CVSS 10 | AI score 5.9 | EPSS 0.00082
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/21 12:0 a.m., 5 views

PT-2025-47807

Name of the Vulnerable Software and Affected Versions: ESP-IDF versions 5.3.4 through 5.5.1. Description: ESP-IDF, the Espressif Internet of Things (IoT) Development Framework, contains a flaw in its hardware JPEG decoder when used with the ESP32-P4. The software parser does not perform adequate...

CVSS 6.9 | AI score 6.6 | EPSS 0.00086
Exploits: 0 | References: 8

Tenable Nessus
added 2025/11/19 12:0 a.m., 2 views

Ubuntu 25.04 / 25.10 : FFmpeg vulnerability (USN-7871-1)

The remote Ubuntu 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7871-1 advisory. It was discovered that FFmpeg incorrectly handled memory allocation in the ALS audio decoder. If a user was tricked into loading a crafted media file, a remot...

CVSS 5.3 | AI score 6.5 | EPSS 0.00106
Exploits: 0 | References: 2

OpenVAS
added 2025/10/24 12:0 a.m., 1 view

Huawei EulerOS: Security Advisory for gdk-pixbuf2 (EulerOS-SA-2025-2287)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 6.7 | EPSS 0.00938
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/16 4:56 p.m., 2 views

CVE-2025-20360

Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking when the MIME fields of the HTTP header are...

CVSS 5.8 | AI score 6.8 | EPSS 0.00083
Exploits: 0 | References: 1

Cisco
added 2025/10/15 4:0 p.m., 8 views

Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities

Multiple Cisco products are affected by vulnerabilities in the HTTP Multipurpose Internet Mail Extensions (MIME) Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak possible sensitive information or to restart. For more information about these...

CVSS 6.5 | AI score 7.1 | EPSS 0.00159
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-6543

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.00225
Exploits: 0 | References: 9

Tenable Nessus
added 2025/08/19 12:0 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2022-24106

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Xpdf prior to 4.04, the DCT JPEG decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unkno...

CVSS 7.8 | AI score 7.1 | EPSS 0.00099
Exploits: 0 | References: 3