45 matches found
PUB-A-477021934
In mfccoregetdecmetadataseinal of mfccoreregapi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2014-7130
Malware in sbrugna...
EUVD-2025-20240
Malicious code in bioql PyPI...
Malicious code in @zalastax/nolb-_sei (npm)
The package @zalastax/nolb-_sei was found to contain malicious code...
MAL-2025-10402 Malicious code in @zalastax/nolb-_sei (npm)
The package @zalastax/nolb-_sei was found to contain malicious code...
OSV-2025-622 Heap-buffer-overflow in cc_storage_append
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437855564 Crash type: Heap-buffer-overflow READ 1 Crash state: cc_storage_append ParseSEICallback HxxxParseSEI...
DEBIAN-CVE-2025-6663
GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...
UBUNTU-CVE-2025-6663
GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...
Stack-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow due to improper validation during parsing of H266 SEI messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffe...
PT-2025-27834 · Gstreamer · Gstreamer
Name of the Vulnerable Software and Affected Versions: GStreamer, affected versions not specified. Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with the library is required for exploitation, with attack vectors...
PT-2024-40637 · Git +1 · Gpac
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read, as indicated by a crash report. The crash involves the BS_ReadByte and gf_bs_read_u8 functions, and...
PT-2023-35601 · Git +1 · Libavc
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read crash. Technical details about the crash include the functions ih264d_sev, ih264d_parse_fgc, and ih26...
SUSE CVE-2011-3946
The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop...
Effective Vulnerability Management with Stakeholder Specific Vulnerability Categorization (SSVC) and Qualys TruRisk
Security stakeholders across the globe have long relied on the Common Vulnerability Scoring System (CVSS) to prioritize vulnerabilities and assess their risk posture. The reason why the CVSS has become the standard for many security and vulnerability management teams alike is that this method is ea...
xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*
A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest thre...
xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*
A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...
xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*
A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...
xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*
A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest thre...
xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*
A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest thre...
Cyberattacks against machine learning systems are more common than you think
Machine learning (ML) is making incredible transformations in critical areas such as finance, healthcare, and defense, impacting nearly every aspect of our lives. Many businesses, eager to capitalize on advancements in ML, have not scrutinized the security of their ML systems. Today, along with...