4783 matches found

Fedora
added 2025/01/23 1:49 a.m. · 13 views

[SECURITY] Fedora 40 Update: SDL2_sound-2.0.4-1.fc40

SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...

CVSS 7.8 · AI score 7.2 · EPSS 0.0005 · Exploits 0

Fedora
added 2025/01/23 1:45 a.m. · 11 views

[SECURITY] Fedora 41 Update: SDL2_sound-2.0.4-1.fc41

SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...

CVSS 7.8 · AI score 7.2 · EPSS 0.0005 · Exploits 0

BDU FSTEC
added 2025/01/21 12:0 a.m. · 3 views

The vulnerabilities of the functions CHBString::const_iterator::incrementSteps() and CHBString::remove() in the UserData service of the Mercedes-Benz Multimedia User Experience (MBUX) system allow a hacker to trigger a service failure.

The vulnerabilities of the functions CHBString::const_iterator::incrementSteps and CHBString::remove of the UserData service in the Mercedes-Benz Multimedia User Experience (MBUX) system are related to buffer overflows in dynamic memory during the decoding of UD2 format files. Exploiting these...

CVSS 5.5 · AI score 7.5 · EPSS 0.00238 · Exploits 0 · References 5

Vulnrichment
added 2025/01/17 8:13 p.m. · 6 views

CVE-2025-23039 Cross Site Scripting on URL decode Tooltip in Caido

Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to...

CVSS 5.2 · AI score 5.3 · EPSS 0.00174 · Exploits 0 · References 1

CNNVD
added 2025/01/17 12:0 a.m. · 2 views

caido cross-site scripting vulnerability

Caido is an open source application from Caido, designed to help security professionals and enthusiasts audit web applications efficiently and easily. A cross-site scripting vulnerability exists in Caido version v0.45.0 that stems from improper cleanup in the URL decoding tooltip of the HTTP...

CVSS 5.2 · AI score 6 · EPSS 0.00174 · Exploits 0 · References 2

Positive Technologies
added 2025/01/16 12:0 a.m. · 3 views

PT-2025-3302 · Unknown +2 · Matrix Media Repo +4

Name of the Vulnerable Software and Affected Versions: Matrix Media Repo versions prior to 1.3.8 Description: The issue arises when SVG or JPEGXL thumbnailers are enabled, allowing a user to upload a file that claims to be one of these types and request a thumbnail, potentially invoking a differe...

CVSS 8.9 · AI score 7.7 · EPSS 0.02218 · Exploits 2 · References 90

OSV
added 2025/01/14 7:22 p.m. · 17 views

BIT-PHP-MIN-2021-21707 Special characters break path parsing in XML functions

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file, URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, this may cause the function to interpret this as the end of the...

CVSS 5.3 · AI score 6.9 · EPSS 0.00563 · Exploits 2 · References 6

CNNVD
added 2025/01/14 12:0 a.m. · 1 views

Git security vulnerability

Git is a free, open source distributed version control system open-sourced by Git. Git has a security vulnerability that stems from the fact that any URL-encoded portion can be decoded...

CVSS 4.7 · AI score 7.4 · EPSS 0.02784 · Exploits 0 · References 5

Positive Technologies
added 2025/01/14 12:0 a.m. · 2 views

PT-2026-2938

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.20.1 Description: FreeRDP, a free implementation of the Remote Desktop Protocol, contains a flaw related to Base64 decoding. A global-buffer-overflow can occur due to implementation-defined char signedness on...

CVSS 9.8 · AI score 6.7 · EPSS 0.00384 · Exploits 11 · References 157

NVD
added 2025/01/06 6:15 p.m. · 13 views

CVE-2024-55628

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log...

CVSS 7.5 · EPSS 0.00603 · Exploits 0 · References 5

Veracode
added 2025/01/06 2:47 a.m. · 4 views

Stack Overflow

github.com/cosmos/cosmos-sdk, cosmossdk.io/x/tx is vulnerable to stack overflow. The vulnerability is due to improper handling of transaction decoding in Cosmos SDK, which allows for excessive resource consumption or stack overflow when processing transactions, potentially leading to system instability...

AI score 7.5 · Exploits 0

CNNVD
added 2025/01/06 12:0 a.m. · 3 views

Suricata security vulnerability

Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A security vulnerability exists in Suricata versions prior to 7.0.8 that stems from the fact that DNS resource name compression may result in small DNS messages containing very large contained hostnames...

CVSS 7.5 · AI score 6.4 · EPSS 0.00603 · Exploits 0 · References 5

Positive Technologies
added 2025/01/01 12:0 a.m. · 3 views

PT-2025-11968 · Suricata +1 · Suricata +1

Name of the Vulnerable Software and Affected Versions: Suricata versions affected versions not specified Description: The issue concerns a problem where the decode base64 signature can cause large memory allocation. This could potentially lead to issues with the Suricata package in Debian Linux...

CVSS 7.5 · AI score 6 · EPSS 0.0005 · Exploits 0 · References 22

OSV
added 2024/12/28 7:15 a.m. · 1 views

CVE-2020-1822

There are multiple out-of-bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may perform an out-of-bounds read when it processes an incoming data packet. Successful exploit of these vulnerabilities...

CVSS 5.3 · AI score 5.8 · EPSS 0.00081 · Exploits 0 · References 1

OSV
added 2024/12/28 7:15 a.m. · 1 views

CVE-2020-1820

There are multiple out-of-bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may perform an out-of-bounds read when it processes an incoming data packet. Successful exploit of these vulnerabilities...

CVSS 5.3 · AI score 5.8 · Exploits 0 · References 1

SUSE CVE
added 2024/12/28 3:51 a.m. · 1 views

SUSE CVE-2024-53146

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow. If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res...

CVSS 7.8 · AI score 7.4 · EPSS 0.00013 · Exploits 0 · References 65

OSV
added 2024/12/27 12:32 p.m. · 3 views

OESA-2024-2587 golang security update

Security Fixes: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion (CVE-2024-34155). Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...

CVSS 7.5 · AI score 7.1 · EPSS 0.00298 · Exploits 0 · References 4

Fedora
added 2024/12/27 1:26 a.m. · 9 views

[SECURITY] Fedora 40 Update: dr_libs-0^20241216git660795b-1.fc40

Single-file audio decoding libraries for C/C++...

AI score 7.4 · Exploits 0

Fedora
added 2024/12/27 1:23 a.m. · 6 views

[SECURITY] Fedora 41 Update: dr_libs-0^20241216git660795b-1.fc41

Single-file audio decoding libraries for C/C++...

AI score 7.4 · Exploits 0

OSV
added 2024/12/24 12:15 p.m. · 1 views

DEBIAN-CVE-2024-53146

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow. If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res...

CVSS 5.5 · AI score 5.8 · EPSS 0.00013 · Exploits 0 · References 1