644 matches found
EUVD-2026-38832
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...
EUVD-2026-38831
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...
WordPress midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload
WordPress midi-Synth plugin \u003C= 1.1.0 contains an unrestricted file upload vulnerability caused by missing file type and extension validation in the 'export' AJAX action, letting unauthenticated attackers upload arbitrary files and potentially execute remote code, exploit requires attacker to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed potential memory leaks at the error handling path for UMP operations. The allocation and initialization errors in allocmidiurbs, which occur when the function is called during MIDI 2.0/UMP device operations...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Remove sndBUGON from sndusbmidioutputopen The function sndusbmidioutputopen includes a check for the NULL port, which involves calling sndBUGON. The use of sndBUGON was intended to prevent such issues from...
ROS-20260520-73-0045
A vulnerability in the Web MIDI device support Web MIDI interface of Google Chrome browsers is related to memory usage after memory is freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...
Striso Control Firmware 安全漏洞
Striso Control Firmware is an open-source MPE MIDI controller firmware developed by Striso. Version 54c9722 of Striso Control Firmware contains a security vulnerability, which stems from a buffer overflow in the ThreadReadButtons function...
Striso Control Firmware 安全漏洞
Striso Control Firmware is an open-source MPE MIDI controller firmware developed by Striso. Version 54c9722 of Striso Control Firmware contains a security vulnerability, which stems from a buffer overflow in the AuxJack function...
KLA91053 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Codecs can be exploited remotely to execute arbitrary code. ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fixed a race condition that could lead to a UAF in sndusbmidifree. The previous commit 0718a78f6a9f, “ALSA: usb-audio: Properly terminates the timer upon endpoint deletion,” addressed a UAF issue caused by the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work when closing a MIDI substream When closing a USB MIDI output substream, there may still be pending work. This work would eventually access the rawmidi runtime object that is being released. To...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: fixed a stack overflow issue in line6miditransmit. The issue was addressed by correctly calculating the available space, including the size of the buffer. This correction prevents a buffer overflow when multiple MIDI...
KLA91012 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in media can be exploited remotely to execute...
Exploit for CVE-2026-1306
CVE-2026-1306 — midi-Synth WordPress WordPress midi-Synth...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013575)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013575 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: fix stack overflow in line6miditransmit Correctly calculate available space includin...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011085)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011085 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: fix stack overflow in line6miditransmit Correctly calculate available space includin...
Google Chrome Web MIDI Component Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions responsible for freeing memory in the Web MIDI component. An attacker coul...
KLA91054 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Out of bounds read vulnerability in WebCodecs can be exploited to cause denial of service. 2. Use aft...
SUSE CVE-2026-5278
Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
EUVD-2026-17789
Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...