Video Security Vulnerabilities

CVE-2023-33053

Memory corruption in Kernel while parsing...

CVE-2023-33054

Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance...

CVE-2023-33018

Memory corruption while using the UIM diag command to get the operators...

CVE-2023-28588

Transient DOS in Bluetooth Host while rfc slot...

CVE-2023-33017

Memory corruption in Boot while running a ListVars test in UEFI Menu during...

CVE-2023-33022

Memory corruption in HLOS while invoking IOCTL calls from...

CVE-2023-28580

Memory corruption in WLAN Host while setting the PMK length in PMK length in internal...

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in...

CVE-2023-28579

Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK...

CVE-2023-28587

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface...

CVE-2023-28585

Memory corruption while loading an ELF segment in TEE...

CVE-2023-28551

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input...

CVE-2023-28546

Memory Corruption in SPS Application while exporting public key in sorter...

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory...

CVE-2023-22383

Memory Corruption in camera while installing a fd for a particular DMA...

CVE-2023-47453

An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working...

CVE-2023-6308

A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Affected by this issue is some unknown functionality of the component Apache Struts. The manipulation leads to unrestricted upload. The attack may be launched...

CVE-2023-48221

wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has...

CVE-2023-31089

Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video XML Sitemap Generator.This issue affects Video XML Sitemap Generator: from n/a through...

CVE-2023-30954

The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet...

CVE-2023-39206

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network...

CVE-2023-39204

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network...

CVE-2023-39205

Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network...

CVE-2023-33055

Memory Corruption in Audio while invoking callback function in driver from...

CVE-2023-33059

Memory corruption in Audio while processing the VOC packet data from...

CVE-2023-33031

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data...

CVE-2023-28570

Memory corruption while processing audio...

CVE-2023-28569

Information disclosure in WLAN HAL while handling command through WMI...

CVE-2023-33047

Transient DOS in WLAN Firmware while parsing no-inherit...

CVE-2023-28566

Information disclosure in WLAN HAL while handling the WMI state info...

CVE-2023-28563

Information disclosure in IOE Firmware while handling WMI...

CVE-2023-28554

Information Disclosure in Qualcomm IPC while reading values from shared memory in...

CVE-2023-28556

Cryptographic issue in HLOS during key...

CVE-2023-21671

Memory Corruption in Core during syscall for Sectools Fuse comparison...

CVE-2023-24852

Memory Corruption in Core due to secure memory access by user while loading modem...

CVE-2023-28545

Memory corruption in TZ Secure OS while loading an app...

CVE-2023-22388

Memory Corruption in Multi-mode Call Processor while processing bit mask...

CVE-2023-45069

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through...

CVE-2023-5945

The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated...

CVE-2023-43982

Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP...

CVE-2020-36758

The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update...

CVE-2023-45630

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3...

CVE-2023-45653

Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Video Playlist For YouTube plugin <= 6.0...

CVE-2023-45629

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3...

CVE-2023-34977

A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and...

CVE-2023-34975

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud c5.1.x is not affected. We have already fixed the vulnerability in the...

CVE-2023-34976

A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and...

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...

CVE-2023-40558

Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5...

CVE-2023-25989

Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading.....