
10 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-49954

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.4 | EPSS 0.00143
Exploits 0 | References 7
OSV
added 2025/02/26 1:56 a.m. | 6 views

CVE-2022-49247 media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED

In the Linux kernel, the following vulnerability has been resolved: media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED. If the callback 'start_streaming' fails, then all queued buffers in the driver should be returned with state 'VB2_BUF_STATE_QUEUED'. Currently, they are...

CVSS 5.5 | AI score 5.3 | EPSS 0.00015
Exploits 0 | References 11
SUSE CVE
added 2023/02/15 4:35 a.m. | 1 views

SUSE CVE-2017-18265

Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in,...

CVSS 7.5 | AI score 7.3 | EPSS 0.01063
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 4:8 a.m. | 1 views

SUSE CVE-2019-15694

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signedness error in processing MemOutStream. Exploitation of this vulnerability could potentially result in remote code execution. This...

CVSS 7.2 | AI score 8.1 | EPSS 0.06012
Exploits 1 | References 9
OSV
added 2018/11/12 5:29 a.m. | 1 views

CVE-2018-19194

An issue was discovered in XiaoCms 20141229. /admin/index.php?c=database allows full path disclosure in a "failed to open stream" error message...

CVSS 5.3 | AI score 5.8
Exploits 0 | References 1
Prion
added 2018/05/09 5:29 p.m. | 14 views

Code injection

Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in,...

CVSS 5 | AI score 7.3 | EPSS 0.01063
Exploits 0 | References 5 | Affected Software 2
OSV
added 2017/08/07 1:29 a.m. | 0 views

UBUNTU-CVE-2017-12603

OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case...

CVSS 8.8 | AI score 6.9 | EPSS 0.00685
Exploits 0 | References 4
RedHat Linux
added 2010/11/10 7:0 p.m. | 4 views

freetype: Input stream position error by processing Compact Font Format (CFF) font files

Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow,...

CVSS 9.3 | AI score 6.5 | EPSS 0.5972
Exploits 7 | References 4
Debian
added 2010/10/04 9:3 p.m. | 30 views

[SECURITY] [DSA-2116-1] New freetype packages integer overflow

Debian Security Advisory DSA-2116-1 | http://www.debian.org/security/ | Stefan Fritsch | October 4, 2010 | http://www.debian.org/security/faq ...

CVSS 9.3 | AI score 0.2 | EPSS 0.05264
Exploits 6
RedHat Linux
added 2010/10/04 5:49 p.m. | 3 views

freetype: Input stream position error by processing Compact Font Format (CFF) font files

Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow,...

CVSS 9.3 | AI score 6.5 | EPSS 0.5972
Exploits 7 | References 4