29 matches found

Cvelist
added 2026/06/05 4:15 p.m., 42 views

CVE-2026-11338 SourceCodester Ship Ferry Ticket Reservation System manage_user cross site scripting

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

4.8 CVSS, 0.0021 EPSS
Exploits 0, References 6

RedhatCVE
added 2026/01/09 10:9 a.m., 10 views

CVE-2019-11338

libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data...

8.8 CVSS, 7.7 AI score, 0.02354 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/10/06 4:2 p.m., 3 views

CVE-2025-11338 D-Link DI-7100G C1 jhttpd login.cgi sub_4C0990 buffer overflow

A flaw has been found in D-Link DI-7100G C1 up to 20250928. This vulnerability affects the function sub_4C0990 of the file /webchat/login.cgi of the component jhttpd. Executing manipulation of the argument openid can lead to buffer overflow. It is possible to launch the attack remotely. The exploi...

9 CVSS, 6.7 AI score, 0.00919 EPSS
Exploits 0, References 5

Tenable Nessus
added 2025/03/04 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2017-11338

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service...

6.5 CVSS, 7.1 AI score, 0.01424 EPSS
Exploits 0, References 2

Circl
added 2025/01/07 5:15 a.m., 4 views

CVE-2024-11338

creationtimestamp | type | source
---|---|---
2025-01-07 05:15:35+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vevf2xe22
2025-01-07 16:38:02+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/454...

6.4 CVSS, 8.7 AI score, 0.00316 EPSS
Exploits 0, References 2

NVD
added 2025/01/07 5:15 a.m., 12 views

CVE-2024-11338

The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtm' and 'venue' parameters in all versions up to, and including, 2.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-lev...

6.4 CVSS, 0.00316 EPSS
Exploits 0, References 2

CVE
added 2025/01/07 4:21 a.m., 37 views

CVE-2024-11338

CVE-2024-11338 concerns the PIXNET Plugin for WordPress. The Wordfence entry lists Stored Cross-Site Scripting via the gtm and venue params in all versions up to 2.9.10 (authenticated Subscriber+). No public technical details beyond this are provided in connected documents. RedHat/Red Hat advisor...

6.4 CVSS, 5.7 AI score, 0.00316 EPSS
Exploits 0, References 2

Cvelist
added 2025/01/07 4:21 a.m., 11 views

CVE-2024-11338 PIXNET Plugin <= 2.9.10 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtm' and 'venue' parameters in all versions up to, and including, 2.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-lev...

6.4 CVSS, 0.00316 EPSS
Exploits 0, References 2

OpenVAS
added 2022/01/28 12:0 a.m., 25 views

Mageia: Security Advisory (MGASA-2017-0391)

The remote host is missing an update for the...

8.8 CVSS, 6.8 AI score, 0.03098 EPSS
Exploits 8, References 5

Cvelist
added 2021/12/20 10:45 p.m., 8 views

CVE-2020-11338

...

Exploits 0

CVE
added 2021/12/20 10:45 p.m., 22 views

CVE-2020-11338

CVE-2020-11338 entry is rejected/not used and does not represent an active vulnerability.

6.7 AI score
Exploits 0

Cloud Foundry
added 2020/08/27 12:0 a.m., 38 views

USN-4431-1: FFmpeg vulnerabilities | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04. Description: It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only affected...

10 CVSS, 8 AI score, 0.03756 EPSS
Exploits 4, Affected Software 1

Tenable Nessus
added 2020/07/23 12:0 a.m., 66 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : FFmpeg vulnerabilities (USN-4431-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4431-1 advisory. It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to...

10 CVSS, 6.7 AI score, 0.03756 EPSS
Exploits 4, References 10

Ubuntu
added 2020/07/22 4:18 p.m., 97 views

USN-4431-1: FFmpeg vulnerabilities

It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only affected Ubuntu 16.04 LTS, as it was already fixed in Ubuntu 18.04 LTS. For more information see:...

10 CVSS, 6.7 AI score, 0.03756 EPSS
Exploits 4

OpenVAS
added 2019/06/01 12:0 a.m., 25 views

Debian: Security Advisory (DLA-1809-1)

The remote host is missing an update for the Debian...

8.8 CVSS, 7.6 AI score, 0.03266 EPSS
Exploits 0, References 3

Tenable Nessus
added 2019/05/30 12:0 a.m., 50 views

Debian DLA-1809-1 : libav security update

Two more security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. CVE-2018-15822: The flv_write_packet function in libavformat/flvenc.c in libav did not check for an empty audio packet, leading to an assertion failure. CVE-2019-11338: libavcodec/hevcdec.c...

8.8 CVSS, 7 AI score, 0.03266 EPSS
Exploits 0, References 4

Debian
added 2019/05/29 7:53 a.m., 156 views

[SECURITY] [DLA 1809-1] libav security update

Package : libav
Version : 6:11.12-1deb8u7
CVE ID : CVE-2018-15822 CVE-2019-11338

Two more security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. CVE-2018-15822: The flv_write_packet function in libavformat/flvenc.c in libav did not check for an empty...

8.8 CVSS, 6.9 AI score, 0.03266 EPSS
Exploits 0

Debian
added 2019/05/22 9:37 p.m., 131 views

[SECURITY] [DSA 4449-1] ffmpeg security update

Debian Security Advisory DSA-4449-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 22, 2019 https://www.debian.org/security/faq -...

8.8 CVSS, 8.9 AI score, 0.04244 EPSS
Exploits 0

CVE
added 2019/04/18 11:52 p.m., 190 views

CVE-2019-11338

CVE-2019-11338 affects FFmpeg/libav (FFmpeg 3.4 and 4.1.2) where libavcodec/hevcdec.c mishandles detection of duplicate first slices in crafted HEVC data. This can cause a NULL pointer dereference and out-of-bounds access, leading to a denial of service and possibly other impact. Public advisorie...

8.8 CVSS, 8.9 AI score, 0.02354 EPSS
Exploits 0, References 9, Affected Software 1

Tenable Nessus
added 2019/03/27 12:0 a.m., 33 views

openSUSE Security Update : exiv2 (openSUSE-2019-504)

This update for exiv2 to 0.26 fixes the following security issues: - CVE-2017-14864: Prevent invalid memory address dereference in Exiv2::getULong that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1060995). - CVE-2017-14862: Prevent invalid...

8.8 CVSS, 6.7 AI score, 0.03098 EPSS
Exploits 7, References 25