The vulnerability of the AVerCaster video encoding device, related to the transmission of authentication information in an open manner, allows a intruder to gain unauthorized access to the protected information.

The vulnerability of the AVerCaster video encoding device lies in the transmission of authentication information in an open manner. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to the protected information...

SUSE CVE-2024-27074

In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007loadencoder In go7007loadencoder, bouncei.e. go-bootfw, is allocated without a deallocation thereafter. After the following call chain: saa7134go7007init |- go7007bootencoder |-...

PT-2024-40753 · Unknown · Checkstyle

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs in the JavaLanguageParser.expr function, potentially related to encoding issues in the UTF 8.updatePositions and UTF 8$Encoder.encodeArrayLoop functions...

CVE-2024-27074

In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007loadencoder In go7007loadencoder, bouncei.e. go-bootfw, is allocated without a deallocation thereafter. After the following call chain: saa7134go7007init |- go7007bootencoder |-...

CVE-2024-27074 media: go7007: fix a memleak in go7007_load_encoder

In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007loadencoder In go7007loadencoder, bouncei.e. go-bootfw, is allocated without a deallocation thereafter. After the following call chain: saa7134go7007init |- go7007bootencoder |-...

CVE-2024-27074

The CVE-2024-27074 entry concerns a Linux kernel memory leak in the media go7007 path. Specifically, in go7007_load_encoder the bounce object (go->boot_fw) is allocated but not deallocated, and is freed later via kfree(go) after the call chain saa7134_go7007_init -> go7007_boot_encoder -&gt...

AZL-67478 CVE-2024-26938 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: Tolerate devdata==NULL in intelbiosencodersupportsdpdualmode If we have no VBT, or the VBT didn't declare the encoder in question, we won't have the 'devdata' for the encoder. Instead of oopsing just bail early. We...

DEBIAN-CVE-2024-26938

In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: Tolerate devdata==NULL in intelbiosencodersupportsdpdualmode If we have no VBT, or the VBT didn't declare the encoder in question, we won't have the 'devdata' for the encoder. Instead of oopsing just bail early. We...

CVE-2024-26938

CVE-2024-26938 is a Linux kernel vulnerability in the drm/i915/bios path. The issue occurs when int​el_bios_encoder_supports_dp_dual_mode() encounters a NULL devdata for a DP encoder (e.g., if there is no VBT or the VBT does not declare the encoder). The kernel previously could oops or mis-handle...

CVE-2024-26938 drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()

In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: Tolerate devdata==NULL in intelbiosencodersupportsdpdualmode If we have no VBT, or the VBT didn't declare the encoder in question, we won't have the 'devdata' for the encoder. Instead of oopsing just bail early. We...

The vulnerability of the Adobe Media Encoder application, related to the execution of operations beyond buffer boundaries in memory, allows an attacker to execute arbitrary code.

The vulnerability of the Adobe Media Encoder application relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious file...

The vulnerability of the JpegEncoder::Encode function in the file format decoders and encoders of the libheif library allows a attacker to cause a service failure.

The vulnerability of the JpegEncoder::Encode function in file format decoders and encoders of the libheif library is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause service interruptions...

Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing the following: alert999'...

Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF

Description The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack PoC Make a logged in admin open an HTML file containing the following:...

Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF

Description The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack Make a logged in admin open an HTML file containing the following:...

Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open an HTML file containing the following:...

Base64 Encoder/Decoder <= 0.9.2 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below...

PT-2024-40703 · Oracle · Java

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs due to a crash in the JavaLanguageParser.expr function. The issue is related to the UTF 8.updatePositions and UTF 8$Encoder.encodeArrayLoop functions in the...

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vulnerability

Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the setpwd endpoint that enables th...

DEBIAN-CVE-2023-50010

FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ffgradfunblurlinemovdqasse2, as demonstrated by a call to the setencoderid function in /fftools/ffmpegenc.c component...