12 matches found

Github Security Blog
added 2026/05/18 5:20 p.m. | 8 views

TinyIce: Missing authentication on WebRTC ingest endpoint allows unauthorized stream injection

Title Missing authentication on WebRTC ingest endpoint allows unauthenticated stream injection in TinyIce Ecosystem / Package - Ecosystem: Go or "Other" — TinyIce is shipped as a Go binary, not a Go module published to a registry - Package name: github.com/DatanoiseTV/tinyice Affected versions =...

5.9 AI score
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/05/18 5:20 p.m. | 2 views

GHSA-P7C4-8X34-8J8F TinyIce: Missing authentication on WebRTC ingest endpoint allows unauthorized stream injection

Title Missing authentication on WebRTC ingest endpoint allows unauthenticated stream injection in TinyIce Ecosystem / Package - Ecosystem: Go or "Other" — TinyIce is shipped as a Go binary, not a Go module published to a registry - Package name: github.com/DatanoiseTV/tinyice Affected versions =...

8.2 CVSS | 5.9 AI score
Exploits: 0 | References: 4

Cvelist
added 2025/08/01 12:0 a.m. | 6 views

CVE-2025-53399

In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets except when the relay is configured for strict source and learning disabled. Version 13.4.1...

6.9 CVSS | 0.00777 EPSS
Exploits: 0 | References: 4

CNNVD
added 2023/01/18 12:0 a.m. | 1 views

Async injection vulnerability

Async is a utility module from Caolan McMahon Personal Developer in the UK. It is used to work with asynchronous JavaScript. A security vulnerability exists in Async HTTP Client version 1.13.2 and earlier versions. An attacker exploiting this vulnerability could open source a new HTTP header fiel...

7.5 CVSS | 7.3 AI score | 0.00356 EPSS
Exploits: 0 | References: 2

OSV
added 2019/12/11 3:15 p.m. | 1 views

CVE-2019-14899

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and...

7.4 CVSS | 7.3 AI score | 0.00052 EPSS
Exploits: 0 | References: 15

OSV
added 2017/04/20 12:0 a.m. | 6 views

PSF-2017-10 urllib FTP protocol stream injection

FTP protocol stream injection via malicious URLs...

7.5 AI score
Exploits: 0 | References: 4

Tenable Nessus
added 2016/11/11 12:0 a.m. | 35 views

Oracle Linux 7 : python (ELSA-2016-2586)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-2586 advisory. - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz1359164 - Fix for CVE-2016-5636: possible integer overflow and heap corruption in zipimporter.getdata...

10 CVSS | 7.2 AI score | 0.45123 EPSS
Exploits: 7 | References: 2

Prion
added 2007/07/30 9:17 p.m. | 16 views

Code injection

Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams...

5.8 CVSS | 7.3 AI score | 0.0123 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2007/07/30 9:17 p.m. | 11 views

CVE-2007-4098

Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams...

5.8 CVSS | 6.8 AI score | 0.0123 EPSS
Exploits: 0 | References: 5

OSV
added 2007/07/30 9:17 p.m. | 3 views

CVE-2007-4098

Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams...

6.7 AI score
Exploits: 0 | References: 6

Tenable Nessus
added 2004/08/20 12:0 a.m. | 12 views

SSH < 1.2.25 CBC/CFB Data Stream Injection

Binary data 1978.prm...

5 CVSS | 7.3 AI score | 0.03161 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 1999/07/23 12:0 a.m. | 162 views

SSH CBC/CFB Data Stream Injection

The remote host is running a version of SSH that is older than or as old as version 1.2.23. The remote version of this software is vulnerable to a known plaintext attack, which could allow an attacker to insert encrypted packets in the client - server stream that will be deciphered by the server,...

5 CVSS | 6.3 AI score | 0.03161 EPSS
Exploits: 0 | References: 1