6945 matches found
Medium: gstreamer1-plugins-good
Issue Overview: In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure. CVE-2025-47183 In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past t...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a null pointer dereference in the hugetlbfs_parse_param function...
Amazon Linux 2023 : gstreamer1-plugins-good, gstreamer1-plugins-good-gtk (ALAS2023-2025-1185)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1185 advisory. In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure. CVE-2025-47183 I...
Advisory ROSA-SA-2025-2993
software: htmldoc 1.9.20 OS: ROSA-CHROME unaffected versions = htmldoc-1.9.20-1 affected versions htmldoc-1.9.20-1 CVE-ID: CVE-2024-45508 BDU-ID: 2025-04747 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the parse_paragraph function of the ps-pdf.cxx component of the HTMLDOC document conversion...
PT-2025-39377
Name of the Vulnerable Software and Affected Versions: MikroTik RouterOS version 7 Description: A buffer overflow issue exists in MikroTik RouterOS 7. The issue is located in the parse_json_element function within the libjson.so component, specifically accessible through the /rest/ip/address/print...
Linux Distros Unpatched Vulnerability : CVE-2022-43037
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4File::ParseStream in /Core/Ap4File.cpp. CVE-2022-43037 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2024-40675
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no...
Linux Distros Unpatched Vulnerability : CVE-2025-29489
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libming v0.4.8 was discovered to contain a memory leak via the parseSWFMORPHLINESTYLES function. CVE-2025-29489 Note that Nessus relies on the presence of the...
Linux Distros Unpatched Vulnerability : CVE-2018-18829
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafte...
Linux Distros Unpatched Vulnerability : CVE-2024-24149
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak issue discovered in parseSWFGLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file. CVE-2024-24149 Note...
Linux Distros Unpatched Vulnerability : CVE-2023-49551
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. CVE-2023-49551 Note that...
PT-2025-36993
Name of the Vulnerable Software and Affected Versions: rAthena versions prior to commit 0cc348b Description: rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. A missing bound check in the chclif_parse_moveCharSlot function can lead to...
CVE-2025-10096
A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been...
CVE-2025-10096 SimStudioAI sim route.ts server-side request forgery
A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been...
media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
...
Linux Distros Unpatched Vulnerability : CVE-2025-38728
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb3: fix for slab out of bounds on mount to ksmbd With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in...
Malicious code in dotenv-parse-variables-typeorm-spectron-fusion (npm)
The package dotenv-parse-variables-typeorm-spectron-fusion was found to contain malicious code...
Malicious code in cygnus-dotenv-parse-variables-pm2-sequelize (npm)
The package cygnus-dotenv-parse-variables-pm2-sequelize was found to contain malicious code...
Malicious code in dotenv-parse-variables-mira-nova-ophiuchus (npm)
The package dotenv-parse-variables-mira-nova-ophiuchus was found to contain malicious code...
Malicious code in dotenv-parse-variables-cluster-mongoose-xanthus (npm)
The package dotenv-parse-variables-cluster-mongoose-xanthus was found to contain malicious code...