14 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
Freeing arbitrary nsIInputStream's on a thread other than the one in which they were created could lead to a use-after-free, potentially causing a crash. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
PT-2026-38971
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/amd/display component related to dsc eDP, which requires the implementation of a function hook check before use to ensure proper operation. Recommendations At...
EUVD-2016-9703
Malware in sbrugna...
Google Chrome < 138.0.7204.183 Vulnerability
The version of Google Chrome installed on the remote macOS host is prior to 138.0.7204.183. It is, therefore, affected by a vulnerability as referenced in the 202507stable-channel-update-for-desktop29 advisory. - Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a...
CVE-2025-5918 Libarchive: reading past eof may be triggered for piped file streams
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memo...
CVE-2025-48387
Summary of CVE-2025-48387 (tar-fs) : A path-traversal risk in tar-fs bindings for tar-stream affects releases prior to 3.0.9, 2.1.3, and 1.16.5, where extracting certain tarballs can write outside the intended directory. The issue has been fixed in 3.0.9, 2.1.3, and 1.16.5. As a workaround, you c...
CVE-2021-38380
Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack...
CVE-2025-32783
XWiki Platform is a generic wiki platform. A vulnerability in versions from 5.0 to 16.7.1 affects users with Message Stream enabled and a wiki configured as closed from selecting "Prevent unregistered users to view pages" in the Administrations Rights. The vulnerability is that any message sent i...
Chromium: CVE-2025-1921 Inappropriate Implementation in Media Stream
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 134 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 134.0.6998.35 Linux 134.0.6998.35/36 Windows 134.0.6998.44/45 Mac contains a number of fixes and improvements -- a list of...
CLSA-2024-1735065830 Fix CVE(s): CVE-2024-11233
SECURITY UPDATE: Security vulnerability in package - debian/patches/CVE-2024-11233.patch: fix error in convert.quoted printable-decode filter certain data leading to buffer overread. Fix segfault with streams and invalid data. - CVE-2024-11233...
SUSE-SU-2021:2790-1 Security update for nodejs8
This update for nodejs8 fixes the following issues: - CVE-2021-22930: http2: fixes use after free on close in stream canceling bsc1188917...
PYSEC-2021-772
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in boostedtreescreatequantilestreamresource by using negative arguments. The implementation does not validate that numstreams only contains non-negative numbers. I...
Input validation
An improper binary stream data handling issue was found in the core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server...