MiracleLinux 7 : rh-nodejs12-nodejs-nodemon-2.0.3-5.el7, rh-nodejs12-nodejs-12.22.5-1.el7 (AXSA:2021-2386:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2386:03 advisory. nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...

MiracleLinux 7 : expat-2.1.0-14.el7 (AXSA:2022-3129:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3129:02 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 expat: Namespace-separator characters in...

MiracleLinux 8 : protobuf-c-1.3.0-8.el8 (AXSA:2023-7095:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7095:03 advisory. protobuf-c: unsigned integer overflow in parserequiredmember CVE-2022-48468 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : libxml2-2.9.7-15.el8.1 (AXSA:2023-4778:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4778:01 advisory. libxml2: integer overflows with XMLPARSEHUGE CVE-2022-40303 libxml2: dict corruption caused by entity reference cycles CVE-2022-40304 Tenable has...

OwnTone security vulnerabilities

OwnTone is an open-source Linux/FreeBSD DAAP iTunes, MPD Music Player Daemon, and RSP Roku media server. OwnTone has a security vulnerability that stems from a null pointer dereferencing in the parsemeta function, which may lead to denial-of-service attacks by sending specially crafted DAAP...

CVE-2025-63647

A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server (commit 334beb) allows a crafted DAAP request to trigger a Denial of Service. The CVE-2025-63647 entry has a CVSS v3.1 base score of 7.5 (HIGH) with network attack vector and low complexity. Multiple vendor...

MiracleLinux 8 : kernel-4.18.0-240.el8 (AXSA:2021-1489:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1489:04 advisory. kernel: use after free in the video driver leads to local privilege escalation CVE-2019-9458 kernel: use-after-free in drivers/bluetooth/hcildisc.c...

MiracleLinux 7 : rh-nodejs14-nodejs-nodemon-2.0.3-5.el7, rh-nodejs14-nodejs-14.17.5-1.el7 (AXSA:2021-2387:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2387:02 advisory. nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...

MiracleLinux 8 : ruby:3.0 (AXSA:2022-3846:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3846:01 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-41817 ruby: Cookie prefix spoofing in CGI::Cookie.parse...

CVE-2026-1110

A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtspparsemethod. This manipulation causes buffer overflow. It is possible to launch the attack on the local host. Continious delivery with rolling releases is used by this product...

CVE-2026-1109

A vulnerability was detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The impacted element is the function rtspparserequest. The manipulation results in buffer overflow. Attacking locally is a requirement. This product takes the approach of rolling releases to provide...

ROS-20260119-7390

A vulnerability in the ieee80211ifparseactivelinks function of the net/mac80211/debugfsnetdev.c module of the Linux kernel is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

GPAC avi_parse_input_file function heap buffer overflow vulnerability

GPAC is an open source multimedia framework. GPAC has a heap buffer overflow vulnerability that stems from the aviparseinputfile function failing to properly validate the length and size of the input data, which can be exploited by an attacker to cause a denial of service...

GPAC oggdmx_parse_tags function out-of-bounds read vulnerability

GPAC is an open source multimedia framework. GPAC suffers from an out-of-bounds read vulnerability that stems from the oggdmxparsetags function failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...

CVE-2026-1110

A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtspparsemethod. This manipulation causes buffer overflow. It is possible to launch the attack on the local host. Continious delivery with rolling releases is used by this product...

CVE-2026-1110

CVE-2026-1110 affects cijliu librtsp (up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04). The flaw is in the rtsp_parse_method function, where manipulation leads to a buffer overflow. The vulnerability can be triggered on the local host. Public details do not provide affected version ranges or updat...

CVE-2026-1110 cijliu librtsp rtsp_parse_method buffer overflow

A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtspparsemethod. This manipulation causes buffer overflow. It is possible to launch the attack on the local host. Continious delivery with rolling releases is used by this product...

CVE-2026-1110 cijliu librtsp rtsp_parse_method buffer overflow

A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtspparsemethod. This manipulation causes buffer overflow. It is possible to launch the attack on the local host. Continious delivery with rolling releases is used by this product...

CVE-2026-1110

A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtspparsemethod. This manipulation causes buffer overflow. It is possible to launch the attack on the local host. Continious delivery with rolling releases is used by this product...

CVE-2026-1109

A vulnerability was detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The impacted element is the function rtspparserequest. The manipulation results in buffer overflow. Attacking locally is a requirement. This product takes the approach of rolling releases to provide...