PT-2024-15711 · Unknown · C21 Live Encoder/Live Mosaic

Name of the Vulnerable Software and Affected Versions: C21 Live Encoder and Live Mosaic version 5.3 Description: The issue is related to inadequate access control, allowing a remote attacker to access the application as an administrator user due to lack of proper credential management. This can b...

C21 Live encoder code issue vulnerability

Cires21 C21 Live encoder is a software from Cires21 for various encoding and transcoding needs. A code issue vulnerability exists in C21 Live Encoder and Live Mosaic version 5.3 that stems from the presence of an arbitrary file upload vulnerability...

C21 Live encoder Access Control Error Vulnerability

Cires21 C21 Live encoder is a software for various encoding and transcoding needs from Cires21. An Access Control Error vulnerability exists in C21 Live Encoder and Live Mosaic version 5.3 that stems from a lack of proper credentials management, which allows an attacker to ask the application as ...

EulerOS Virtualization 3.0.6.6 : libwebp (EulerOS-SA-2023-3402)

According to the versions of the libwebp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to...

EulerOS 2.0 SP11 : libwebp (EulerOS-SA-2023-2653)

According to the versions of the libwebp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw an...

EulerOS 2.0 SP9 : flac (EulerOS-SA-2023-2893)

According to the versions of the flac package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Buffer Overflow vulnerability in function bitwritergrow in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the...

EulerOS Virtualization 2.9.1 : libwebp (EulerOS-SA-2023-2961)

According to the versions of the libwebp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to...

CVE-2023-51257

A flaw in jasper was discovered where an invalid memory write occurred due to the absence of a proper range check in the JPC encoder. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of...

Jasper Security Vulnerabilities

Jasper is a flexible and powerful GitHub issue reader open-sourced by Jasper. Jasper has a security vulnerability that stems from a lack of range checking in the JPC encoder, leading to invalid memory writes...

VulnCheck KEV: CVE-2019-6814

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI...

CVE-2023-7070

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eebmailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2023-7070

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eebmailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes...

Cross site scripting

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eebmailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2023-7070 Email Encoder – Protect Email Addresses and Phone Numbers <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eebmailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2023-7070 Email Encoder – Protect Email Addresses and Phone Numbers <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eebmailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes...

WordPress Plugin Email Encoder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-15198 · WordPress · The Email Encoder – Protect Email Addresses/Phone Numbers

Name of the Vulnerable Software and Affected Versions: The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress versions up to, and including, 2.1.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's eeb mailto shortcode due to insufficient...

PT-2024-13826 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo dev master commit 15fed957fb Description: An information disclosure issue exists in the aVideoEncoderReceiveImage.json.php image upload functionality. A specially crafted HTTP request can lead to arbitrary file read. This issue is...

WordPress Email Encoder Bundle Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Email Encoder Bundle Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.1.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7070 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bbe9fb4a4a45 Credits Webbernaut Require...

OSV-2023-1361 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65333 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/sun.nio.cs.UTF8.updatePositions java.base/sun.nio.cs.UTF8$Encoder.encodeArrayLoop...