Lucene search
K

193 matches found

Positive Technologies
Positive Technologies
added 2024/03/07 12:0 a.m.4 views

PT-2024-19767 · Apple · Macos Sonoma +4

Name of the Vulnerable Software and Affected Versions: Safari versions prior to 17.4 iOS versions prior to 17.4 iPadOS versions prior to 17.4 macOS Sonoma versions prior to 14.4 Description: The issue was addressed through improved state management, affecting Private Browsing tabs which may be...

4.3CVSS8AI score0.00732EPSS
Exploits0References11
OSV
OSV
added 2023/06/13 10:15 a.m.3 views

CVE-2023-32546

Code injection vulnerability exists in Chatwork Desktop Application Mac 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent...

4.4CVSS5.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/13 10:15 a.m.4 views

CVE-2023-32546

Code injection vulnerability exists in Chatwork Desktop Application Mac 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent...

4.4CVSS5.8AI score0.00272EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/06/13 10:15 a.m.20 views

Code injection

Code injection vulnerability exists in Chatwork Desktop Application Mac 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent...

3.2CVSS4.9AI score0.00272EPSS
Exploits0References2Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/06/13 4:38 a.m.2 views

Chatwork Desktop Application (Mac) vulnerable to code injection

Overview Chatwork Desktop Application Mac provided by Chatwork Co., Ltd. contains a code injection vulnerability CWE-94. Koh M. Nakagawa of FFRI Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

5.3CVSS7.2AI score0.00272EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/06/13 12:0 a.m.4 views

Chatwork 代码注入漏洞

Chatwork is a business group chat application from Chatwork, Inc. A security vulnerability exists in Chatwork Desktop Application version 2.6.43 and earlier, which stems from a code injection vulnerability that allows a non-administrative user to store and access audio and image data for the...

4.4CVSS5.3AI score0.00272EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/06/13 12:0 a.m.23 views

CVE-2023-32546

Code injection vulnerability exists in Chatwork Desktop Application Mac 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent...

5.2AI score0.00272EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/13 12:0 a.m.4 views

PT-2023-23867 · Unknown · Chatwork Desktop Application

Name of the Vulnerable Software and Affected Versions: Chatwork Desktop Application Mac versions 2.6.43 and earlier Description: A code injection issue exists, allowing a non-administrative user of the Mac where the product is installed to store and obtain audio and image data from the product...

4.4CVSS7.6AI score0.00272EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.2 views

SUSE CVE-2012-4186

Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors...

9.3CVSS9.7AI score0.147EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.1 views

SUSE CVE-2021-21166

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.6AI score0.26525EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.6 views

SUSE CVE-2021-28899

Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16...

7.5CVSS7.7AI score0.01094EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2022/10/20 12:0 a.m.4 views

The vulnerability of the RDP client FreeRDP, related to the issue of operations going beyond the buffer in memory, allows an attacker to gain access to read, modify, or delete audio/video data.

The vulnerability of the RDP client FreeRDP arises from the issue of the operation going beyond the buffer boundaries in memory when the /video command-line parameter is used. Exploiting this vulnerability can allow a remote attacker to gain access to, read, modify, or delete audio/video data...

5.9CVSS6.7AI score0.00985EPSS
Exploits0References11Affected Software4
OSV
OSV
added 2021/11/10 10:15 p.m.2 views

UBUNTU-CVE-2020-23906

FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service DoS via a crafted audio file due to insufficient verification of data authenticity...

5.5CVSS7.2AI score0.00355EPSS
Exploits1References3
OSV
OSV
added 2021/04/29 3:15 p.m.2 views

UBUNTU-CVE-2021-28899

Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16...

7.5CVSS5.8AI score0.01094EPSS
Exploits0References3
NVD
NVD
added 2020/10/21 3:15 p.m.13 views

CVE-2020-27607

In BigBlueButton before 2.2.28 or earlier, the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or...

6.5CVSS0.00761EPSS
Exploits1References1
OSV
OSV
added 2020/10/21 3:15 p.m.9 views

CVE-2020-27607

In BigBlueButton before 2.2.28 or earlier, the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or...

6.5CVSS6.8AI score
Exploits0References1
Prion
Prion
added 2020/10/21 3:15 p.m.19 views

Code injection

In BigBlueButton before 2.2.28 or earlier, the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or...

6.4CVSS6.4AI score0.00761EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/10/21 2:8 p.m.16 views

CVE-2020-27607

In BigBlueButton before 2.2.28 or earlier, the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or...

6.5AI score0.00761EPSS
Exploits1References1
CVE
CVE
added 2020/10/21 2:8 p.m.45 views

CVE-2020-27607

CVE-2020-27607 affects BigBlueButton before 2.2.28. The client-side Mute button does not directly stop sending audio; it only signals the server to stop accepting audio data. A modified server could store audio data and/or transmit it to participants or third parties. Affected component: client-s...

6.5CVSS6.4AI score0.00761EPSS
Exploits1References1Affected Software1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.45 views

Huawei EulerOS: Security Advisory for libvorbis (EulerOS-SA-2018-1104)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.1AI score0.12054EPSS
Exploits0References2
Rows per page
Query Builder