This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The ZDI has assigned a CVSS rating of 5.8. The following CVEs are assigned: CVE-2023-39176.
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro VPN Proxy One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2024-36473.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-51635.
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2023-51634.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5725.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-32501.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5723.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-32639.
libopenmpt-0.7.8-1.el8
[Sec] Potential heap out-of-bounds read with malformed Dynamic Studio DSm files (r20912).
MED: Additional command pages can now be read.
MED: Echo DSP is now emulated.
AMS: Default channel panning was broken, using all-center panning instead of MOD-style panning.
STP: Correctly import volume slides where both nibbles are set.
MDL: Pitch slide depth was wrong since libopenmpt 0.6.0.
DTM: Fix pitch slide depth for samples with finetune.
DSm: Don’t import as Amiga module (and thus allow Amiga resampler to be enabled), as this PC format can easily exceed the Amiga frequency range.
DSm: Only the first 48 samples were ever read.
STM / STX: Don’t set channel panning. ScreamTracker 2 only outputs mono sound.
PSM: File header probing was stricter than actual file loader, rejecting manipulated files that would otherwise load fine.
[Bug] examples/libopenmpt_example_c_pipe.c and libopenmpt/bindings/freebasic/libopenmpt_ext.bi were missing from the Autotools package.
[New] New Makefile CONFIG=mingw-w64 option WINDOWS_CRT=[crtdll,msvcrt,ucrt] to select the toolchain CRT library.
[Change] build/download_externals.sh now verifies the integrity of any downloaded files and uses curl instead of wget.
[Regression] Optimization level when compiling with GCC 14 has been forced down to -O1 due to the severe miscompilation GCC 14 has shown on MinGW-w64 amd64 (see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115049).
IT: Disable a few more compatibility flags for older SchismTracker builds.
IT: Halve the output volume of files saved with ChibiTracker, as its mixer is about half as loud as ours.
S3M: In mono mode, the ratio between sample and OPL volume was incorrect.
S3M: Detect files saved with PlayerPRO.
XM: Detect files saved with PlayerPRO. Improved detection of files saved with ModPlug Tracker.
XM: Files with impossibly small pattern headers are now rejected, like FastTracker 2 does.
STK: Loosen SoundTracker file rejection heuristics a bit to allow loading of files with malformed song titles and overly long samples. Other heuristics has been tightened a bit.
MOD: Change VBlank timing heuristic to always assume CIA timing when long samples unsupported by original ProTracker) are found.
MOD: Disable NoiseTracker quirks if empty sample slots have a default volume other than 0.
MOD: 7-bit panning detection may have returned incorrect results for MODs with a channel count other than 4.
MED: Improve handling of default tempo, panning and channel volume in files containing more than one song.
MO3: Reduced maximum allowed music data (not samples) size from 2 GiB to 512 MiB.
XMF: Header validation is now stricter.
MDL: Slightly more accurate import of pattern command 9 (enabling envelopes instead of setting envelope position).
ULT: Support the highest three octaves.
OPL emulation could produce clicks when using a mix rate higher than 65536 Hz.
xmp-openmpt: Subsongs whose length could not be calculate no longer show a duration of -12:-55.
mpg123: Update to v1.32.6 (2024-04-04).
libopenmpt-0.7.8-1.el7
[Sec] Potential heap out-of-bounds read with malformed Dynamic Studio DSm files (r20912).
MED: Additional command pages can now be read.
MED: Echo DSP is now emulated.
AMS: Default channel panning was broken, using all-center panning instead of MOD-style panning.
STP: Correctly import volume slides where both nibbles are set.
MDL: Pitch slide depth was wrong since libopenmpt 0.6.0.
DTM: Fix pitch slide depth for samples with finetune.
DSm: Don’t import as Amiga module (and thus allow Amiga resampler to be enabled), as this PC format can easily exceed the Amiga frequency range.
DSm: Only the first 48 samples were ever read.
STM / STX: Don’t set channel panning. ScreamTracker 2 only outputs mono sound.
PSM: File header probing was stricter than actual file loader, rejecting manipulated files that would otherwise load fine.
[Bug] examples/libopenmpt_example_c_pipe.c and libopenmpt/bindings/freebasic/libopenmpt_ext.bi were missing from the Autotools package.
[New] New Makefile CONFIG=mingw-w64 option WINDOWS_CRT=[crtdll,msvcrt,ucrt] to select the toolchain CRT library.
[Change] build/download_externals.sh now verifies the integrity of any downloaded files and uses curl instead of wget.
[Regression] Optimization level when compiling with GCC 14 has been forced down to -O1 due to the severe miscompilation GCC 14 has shown on MinGW-w64 amd64 (see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115049).
IT: Disable a few more compatibility flags for older SchismTracker builds.
IT: Halve the output volume of files saved with ChibiTracker, as its mixer is about half as loud as ours.
S3M: In mono mode, the ratio between sample and OPL volume was incorrect.
S3M: Detect files saved with PlayerPRO.
XM: Detect files saved with PlayerPRO. Improved detection of files saved with ModPlug Tracker.
XM: Files with impossibly small pattern headers are now rejected, like FastTracker 2 does.
STK: Loosen SoundTracker file rejection heuristics a bit to allow loading of files with malformed song titles and overly long samples. Other heuristics has been tightened a bit.
MOD: Change VBlank timing heuristic to always assume CIA timing when long samples unsupported by original ProTracker) are found.
MOD: Disable NoiseTracker quirks if empty sample slots have a default volume other than 0.
MOD: 7-bit panning detection may have returned incorrect results for MODs with a channel count other than 4.
MED: Improve handling of default tempo, panning and channel volume in files containing more than one song.
MO3: Reduced maximum allowed music data (not samples) size from 2 GiB to 512 MiB.
XMF: Header validation is now stricter.
MDL: Slightly more accurate import of pattern command 9 (enabling envelopes instead of setting envelope position).
ULT: Support the highest three octaves.
OPL emulation could produce clicks when using a mix rate higher than 65536 Hz.
xmp-openmpt: Subsongs whose length could not be calculate no longer show a duration of -12:-55.
mpg123: Update to v1.32.6 (2024-04-04).
