CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2021/04/06 5:2 a.m.•14 views

CVE-2021-28208 ASUS BMC's firmware: path traversal - Get video file function

The specific function in ASUS BMC’s firmware Web management page Get video file function does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files...

Cvelist•added 2021/04/06 5:2 a.m.•14 views

CVE-2021-28209 ASUS BMC's firmware: path traversal - Delete video file function

Cvelist•added 2021/04/06 5:2 a.m.•14 views

CVE-2021-28206 ASUS BMC's firmware: path traversal - Record video file function

The specific function in ASUS BMC’s firmware Web management page Record video file function does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files...

Cvelist•added 2021/04/06 5:2 a.m.•16 views

CVE-2021-28205 ASUS BMC's firmware: path traversal - Delete SOL video file function

The specific function in ASUS BMC’s firmware Web management page Delete SOL video file function does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files...

CNNVD•added 2021/04/06 12:0 a.m.•3 views

ASUS BMC Firmware 路径遍历漏洞

ASUS BMC Firmware is a firmware from Asus China. The ASUS BMC Firmware suffers from a path traversal vulnerability that stems from the Record video file function not filtering specific parameters. A remote attacker could use this vulnerability to gain administrator privileges and then traverse...

6.8CVSS5.7AI score0.01903EPSS

OSV•added 2021/01/08 6:15 p.m.•0 views

DEBIAN-CVE-2020-26664

A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file...

7.8CVSS8.4AI score0.01538EPSS

Exploits1References1

Veracode•added 2020/08/06 9:28 p.m.•29 views

Arbtirary Code Execution

vlc is vulnerable to arbitrary code execution. A heap-based buffer overflow in the hxxxAnnexBtoxVC function in modules/packetizer/hxxxnal.c allows a remote attacker to cause a denial of service application crash or execute arbitrary code via a malicious H.264 Annex-B video .avi for example file...

7.8CVSS6.1AI score0.02292EPSS

Exploits0References6Affected Software1

Positive Technologies•added 2020/08/05 12:0 a.m.•2 views

PT-2021-6815 · Videolan +3 · Vlc Media Player +3

Name of the Vulnerable Software and Affected Versions: VideoLAN VLC Media Player version 3.0.11 Description: A buffer overflow vulnerability in the vlc input attachment New component allows attackers to cause an out-of-bounds read via a crafted .avi file. This can be exploited by a remote attacke...

8.8CVSS8.6AI score0.02292EPSS

Exploits3References49

NCSC•added 2020/06/17 12:0 a.m.•3 views

Vulnerability fixed in VLC

VideoLan has fixed a vulnerability in VLC Media Player. The vulnerability allows an unauthenticated remote malicious person able to cause a denial-of-service, and potentially execute arbitrary code with privileges of the affected user. To do so, the malicious party must entice the victim to open ...

7.8CVSS7.4AI score0.02292EPSS

NVD•added 2020/06/08 7:15 p.m.•17 views

CVE-2020-13428

A heap-based buffer overflow in the hxxxAnnexBtoxVC function in modules/packetizer/hxxxnal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service application crash or execute arbitrary code via a crafted H.264 Annex-B video .avi for example...

7.8CVSS7.9AI score0.02292EPSS

Exploits0References5

OSV•added 2020/06/08 7:15 p.m.•0 views

UBUNTU-CVE-2020-13428

7.8CVSS7.7AI score0.02292EPSS

Exploits0References6

Cvelist•added 2020/06/08 6:13 p.m.•24 views

CVE-2020-13428

7.9AI score0.02292EPSS

Exploits0References5

Debian CVE•added 2020/06/08 6:13 p.m.•32 views

CVE-2020-13428

7.8CVSS8.7AI score0.02292EPSS

AlpineLinux•added 2020/06/08 6:13 p.m.•36 views

CVE-2020-13428

7.8CVSS8AI score0.02292EPSS

Veracode•added 2020/06/03 4:7 a.m.•31 views

Denial Of Service (DoS)

FFmpeg is vulnerable to denial of service. An attacker is able to hog the CPU via a malicious video file in Matroska format as the handleopenbrace function in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...

6.5CVSS2.7AI score0.01423EPSS

Exploits0References4Affected Software1

FreeBSD•added 2020/05/27 12:0 a.m.•28 views

vlc heap-based buffer overflow

Thomas Guillem reports: A heap-based buffer overflow in the hxxxAnnexBtoxVC function in modules/packetizer/hxxxnal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service application crash or execute arbitrary code via a crafted H.264 Annex-B video .avi f...

7.8CVSS7.6AI score0.02292EPSS

Exploits0References1

Zero Day Initiative•added 2020/05/12 12:0 a.m.•26 views

Microsoft Windows Media Player HEVC Stream Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8CVSS6.7AI score0.04681EPSS

Exploits0References1

Microsoft KB•added 2020/04/09 12:0 a.m.•5 views

Explorer.exe may crash when you play back an MPEG-4 file in Windows 8.1 or Windows RT 8.1

Explorer.exe may crash when you play back an MPEG-4 file in Windows 8.1 or Windows RT 8.1 This article describes an issue that occurs when you play back an MPEG-4 file in Windows 8.1 or Windows RT 8.1. Before you install this update, see the Prerequisites section. Symptoms This issue occurs when...

6.3AI score