Lucene search
MitreCVELIST:CVE-2018-6360HistoryJan 28, 2018 - 2:00 a.m.
CVE-2018-6360
2018-01-2802:00:00
mitre
www.cve.org
4
mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL.
Related
debiancve
debiancve
CVE-2018-6360
2018-01-28 02:29:01
debian
debian
[SECURITY] [DSA 4105-2] mpv security update
2018-02-09 00:17:33
[SECURITY] [DSA 4105-1] mpv security update
2018-02-07 02:49:21
[SECURITY] [DSA 4105-2] mpv security update
2018-02-09 00:17:33
nessus
nessus
FreeBSD : mpv -- arbitrary code execution via crafted website (3ee6e521-0d32-11e8-99b0-d017c2987f9a)
2018-02-12 00:00:00
GLSA-201805-05 : mpv: Remote code execution
2018-05-15 00:00:00
Debian DSA-4105-1 : mpv - security update
2018-02-08 00:00:00
ubuntucve
ubuntucve
CVE-2018-6360
2018-01-28 00:00:00
prion
prion
Design/Logic Flaw
2018-01-28 02:29:00
mageia
mageia
Updated mpv packages fix security vulnerability
2018-02-22 22:49:44
osv
osv
mpv - security update
2018-02-06 00:00:00
CVE-2018-6360
2018-01-28 02:29:01
archlinux
archlinux
[ASA-201802-7] mpv: arbitrary code execution
2018-02-13 00:00:00
freebsd
freebsd
mpv -- arbitrary code execution via crafted website
2018-01-28 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4105-1)
2018-02-05 00:00:00
Mageia: Security Advisory (MGASA-2018-0130)
2022-01-28 00:00:00
nvd
nvd
CVE-2018-6360
2018-01-28 02:29:01
gentoo
gentoo
mpv: Remote code execution
2018-05-14 00:00:00
cve
cve
CVE-2018-6360
2018-01-28 02:29:01
alpinelinux
alpinelinux
CVE-2018-6360
2018-01-28 02:29:01