Updated sdl2_sound packages fix security vulnerability

Updated packages fix CVE-2025-14369 in bundled drflac...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel before version 5.15.13, the file drivers/net/ethernet/mellanox/mlx5/core/steering/drdomain.c misinterprets the return value of mlx5getuarspage. It expects the return value to be NULL in the error case, but in reality, it is an error pointer...

Schneider Electric Saitel DR RTU和Schneider Electric Saitel DP RTU 路径遍历漏洞

Schneider Electric Saitel DR RTU and Schneider Electric Saitel DP RTU are both remote terminal devices from Schneider Electric, a French company. Both devices have a path traversal vulnerability. This vulnerability stems from improper path name restrictions, which may lead to unauthorized access ...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Prevent potential error pointer dereferencing. The drdomainaddvportcap function generally returns NULL on error. However, sometimes we want it to return ERRPTR-EBUSY so that the caller can retry. The issue here is that...

EUVD-2019-20136

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the...

CVE-2019-25706 Across DR-810 ROM-0 Unauthenticated File Disclosure

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the...

CVE-2019-25706 Across DR-810 ROM-0 Unauthenticated File Disclosure

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the...

CVE-2019-25706

The CVE-2019-25706 entry concerns Across DR-810 routers with an unauthenticated ROM-0 backup file disclosure. An unauthenticated GET request to the rom-0 endpoint allows remote attackers to download and decompress the ROM-0 backup, exposing sensitive configuration data (including router passwords...

Across DR-810 安全漏洞

Across DR-810 is an enterprise-level software system developed by the Across company, designed for automating document processing and translation processes. There is a security vulnerability in Across DR-810, which stems from improper access control mechanisms, potentially leading to the leakage ...

click-clack (>=0.1.0 <=0.2.1), dr-widget (>=0.1.2 <=0.1.3) +7 more potentially affected by CVE-2026-39987 via marimo (>=0.10.19 <=0.21.1)

marimo PYPI version =0.10.19, =0.1.0, =0.1.2, =1.2.7, =2025.8.0, =0.1.1.dev1736307293, =0.1.1.dev1742453945 Source cves: CVE-2026-39987 Source advisory: SNYK:PYTHON-MARIMO-15954201...

click-clack (>=0.1.0 <=0.2.1), dr-widget (>=0.1.2 <=0.1.3) +7 more potentially affected by CVE-2025-39987 +1 more via marimo (>=0.10.19 <=0.21.1)

marimo PYPI version =0.10.19, =0.1.0, =0.1.2, =1.2.7, =2025.8.0, =0.1.1.dev1736307293, =0.1.1.dev1742453945 Source cves: CVE-2025-39987, CVE-2026-39987 Source advisory: OSV:GHSA-2679-6MX9-H9XC...

Fedora 42 : musescore (2026-2e5626418f)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2e5626418f advisory. Rebuilt with patched drwav to fix CVE-2026-29022. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

Fedora: Security Advisory (FEDORA-2026-c571483404)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2026-32836

drlibs drflac.h version 0.13.3 and earlier fixed in commits fefced4, 4f5a4cd, and 663239a contain an uncontrolled memory allocation vulnerability in drflacreadanddecodemetadata that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can...

CVE-2026-32836

drlibs drflac.h version 0.13.3 and earlier fixed in commits fefced4, 4f5a4cd, and 663239a contain an uncontrolled memory allocation vulnerability in drflacreadanddecodemetadata that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can...

CVE-2026-32836 mackron / dr_libs dr_flac.h Excessive Memory Allocation in PICTURE Metadata Parsing

drlibs drflac.h version 0.13.3 and earlier fixed in commits fefced4, 4f5a4cd, and 663239a contain an uncontrolled memory allocation vulnerability in drflacreadanddecodemetadata that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can...

dr_libs 安全漏洞

drlibs is an audio decoding library developed by David Reid as a personal project in C/C++. Versions of drlibs prior to 0.13.3 contain security vulnerabilities. These vulnerabilities stem from the drflacreadanddecodemetadata function, which involves uncontrolled memory allocation. This could allo...

Fedora 42 : SDL2_sound (2026-bfa5bd0004)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bfa5bd0004 advisory. Latest upstream snapshot from stable-2.0 branch. Fixes CVE-2025-14369 in bundled drflac. Tenable has extracted the preceding description block directly from...

Fedora 42 : dr_libs (2026-2350c6fd8c)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2350c6fd8c advisory. Backport the fix for CVE-2026-29022 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...

Fedora 42 : easyrpg-player (2026-8ad39e4a3f)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8ad39e4a3f advisory. Rebuilt with updated drwav to fix CVE-2026-29022 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...