Security update for libsoup
This update for libsoup fixes the following issues: CVE-2026-1536: Always validate the headers value when coming from untrusted source to avoid HTTP header injection (bsc#1257440). CVE-2026-1761: Check length of bytes read in soup_filter_input_stream_read_until to avoid a stack-based buffer overflow...
MiracleLinux 9 : openssl-3.0.1-47.el9 (AXSA:2023-5192:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5192:01 advisory. openssl: read buffer overflow in X.509 certificate verification CVE-2022-4203 openssl: timing attack in RSA Decryption implementation CVE-2022-4304...
EUVD-2019-2173
Malware in sbrugna...
EUVD-2025-14391
Malicious code in bioql PyPI...
Apple macOS USD CustomLoadImageData Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the USD...
GStreamer < 1.26.2 Multiple Vulnerabilities (macOS)
The version of GStreamer installed on the remote host is prior to 1.26.2. It is, therefore, affected by multiple vulnerabilities, as follows: - A NULL-pointer dereference in the SubRip subtitle parser that can cause crashes for certain input files. CVE-2025-47807 - A NULL-pointer dereference i...
Alibaba Cloud Linux 3 : 0088: p11-kit (ALINUX3-SA-2022:0088)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0088 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-29361: An issue was discovered in...
CVE-2024-47776
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch...
Amazon Linux 2 : freerdp (ALAS-2020-1516)
The version of freerdp installed on the remote host is prior to 2.1.1-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1516 advisory. In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients...
MGASA-2020-0157 Updated dcraw packages fix security vulnerabilities
The updated packages fix security vulnerabilities: There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack (CVE-2017-13735). In LibRaw through 0.18.4, an out of bounds read flaw related to...
About the security content of iOS 12.1.3 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
VLC Media Player Multiple Vulnerabilities (sb-vlc308) - Mac OS X
VLC Media Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:videolan:vlc_media_player";...
OPENSUSE-SU-2019:1223-1 Security update for SDL
This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based...
SUSE-SU-2019:0950-1 Security update for SDL2
This update for SDL2 fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based...
Debian DSA-4331-1 : curl - security update
Two vulnerabilities were discovered in cURL, an URL transfer library. - CVE-2018-16839 Harry Sintonen discovered that, on systems with a 32 bit size_t, an integer overflow would be triggered when a SASL user name longer than 2GB is used. This would in turn cause a very small buffer to be allocated...
[SECURITY] [DSA 4331-1] curl security update
Debian Security Advisory DSA-4331-1 https://www.debian.org/security/ Alessandro Ghedini November 02, 2018 https://www.debian.org/security/faq -...
CVE-2018-14780
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function ykpiv_fetch_object(): if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; }...
Updated ioquake3 packages fix security vulnerability
It was discovered that ioquake3 contained a read buffer overflow that allows remote attackers to cause a denial of service CVE-2017-11721...
MGASA-2017-0066 Updated libevent packages fix security vulnerability
The DNS code of Libevent contains an OOB read which can trigger a crash (CVE-2016-10197). The libevent evutil_parse_sockaddr_port() contains a buffer overflow which can cause a segmentation fault (CVE-2016-10196). The name_parse() function in libevent's DNS code is vulnerable to a buffer overread CVE-2016-1019...
Debian Security Advisory DSA 3215-1 (libgd2 - security update)
Multiple vulnerabilities were discovered in libgd2, a graphics library: CVE-2014-2497 The gdImageCreateFromXpm function would try to dereference a NULL pointer when reading an XPM file with a special color table. This could allow remote attackers to cause a denial of service crash via crafted XPM...