8 matches found
PT-2023-20025 · Avideo · Avideo
Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 12.4 Description: The issue allows attackers to gain sensitive information via the success parameter to the "/user" API endpoint. This is a Cross Site Scripting XSS vulnerability, which means attackers can inject...
WWBN AVideo 跨站脚本漏洞
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in World Wide Broadcast Network AVideo WWBN AVideo versions prior to 12.4. An attacker can exploit this vulnerability to obtain sensitive information via the /user success parameter...
PT-2022-6992 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.6.6 macOS versions prior to 12.4 Description: The issue is related to the PackageKit component in macOS, which has insufficient access controls. Exploitation of this issue may allow an attacker to execute arbitrary...
UBUNTU-CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...
Matrix 加密问题漏洞
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A cryptographic issue vulnerability exists in versions of Matrix Javascript SDK prior to 12.4.1, which stems from a logic error in a device's room key sharing functionality that results in insufficient...
UBUNTU-CVE-2019-18450
An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions...
Apple iTunes Arbitrary Code Execution Vulnerability
Apple iTunes is a suite of media player applications from the American company Apple. A security vulnerability exists in Apple iTunes versions prior to 12.4, which can be exploited by an attacker to execute arbitrary code...
CVE-2016-1917
Cross-site scripting XSS vulnerability in the Management Console in BlackBerry Enterprise Server BES 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918...