Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the emission of non-finite color values in the content stream. An attacker can cause PDF viewers to reject the content stream, affected page, or entire document by supplying special...

CVE-2026-32062

OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open ...

SUSE CVE-2026-2219

It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...

CVE-2026-2219

CVE-2026-2219 affects dpkg-deb in dpkg, where improper validation of the end of the data stream during uncompression of zstd-compressed .deb archives can lead to a denial-of-service (infinite CPU loop). Public records from OSV and OSV-derived advisories confirm patches exist in multiple distribut...

CVE-2026-2219

It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...

PT-2026-24672

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.22 @openclaw/voice-call versions prior to 2026.2.22 Description OpenClaw and @openclaw/voice-call accept media-stream WebSocket upgrades before validating the stream, allowing unauthenticated clients to...

EUVD-2022-0214

Malicious code in bioql PyPI...

CVE-2025-38098

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Don't treat wb connector as physical in createvalidatestreamforsink Don't try to operate on a drmwbconnector as an amdgpudmconnector. While dereferencing aconnector-base will "work" it's wrong and might lead to...

CVE-2025-38091

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check stream id dml21 wrapper to get planeid Why & How Fix a false positive warning which occurs due to lack of correct checks when querying planeid in DML21. This fixes the warning when performing a mode1 reset...

USN-6267-3 firefox regressions

USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were...

CVE-2022-24859 Manipulated inline images can cause Infinite Loop in PyPDF2

PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content...

Google Chrome Heap Corruption Vulnerability (CNVD-2020-05134)

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A heap corruption vulnerability exists in Google Chrome versions prior to 80.0.3987.87. The vulnerability stems from insufficient data validation of streams in Goog...

Android on Nexus Qualcomm Component Privilege Acquisition Vulnerability (CNVD-2016-06201)

Android on Nexus 6 is an open source Linux-based operating system for the Nexus 6 smartphone developed by Google and the Open Handset Alliance OHA.Qualcomm is one of the Qualcomm components used in the Qualcomm devices. Qualcomm is a Qualcomm component used in one of the Qualcomm devices. A...

UBUNTU-CVE-2014-9867

drivers/media/platform/msm/camerav2/isp/msmispaxiutil.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 2013 devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcom...

Debian Security Advisory DSA 1537-1 (xpdf)

The remote host is missing an update to xpdf announced via advisory DSA 1537-1. OpenVAS Vulnerability Test $Id: deb15371.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1537-1 xpdf Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...