180 matches found
EUVD-2024-26870
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2023-34105
SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's api-server server is vulnerable to a drive-by command injection. An attacker may send a request to the /api/v1/snapshots endpoint containing an...
CVE-2023-34105
SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's api-server server is vulnerable to a drive-by command injection. An attacker may send a request to the /api/v1/snapshots endpoint containing an...
CVE-2020-8145
The UniFi Video Server Windows web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLICGROUP or CUSTOMGROUP groups, can access these endpoints and overwrite the current...
CVE-2020-8144
The UniFi Video Server v3.9.3 and prior for Windows 7/8/10 x64 web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware...
CVE-2024-33250
An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268Leo and SRS/4.0.195Leo allows a remote attacker to execute arbitrary code via a crafted request...
CVE-2019-19298
A vulnerability has been identified in SiNVR/SiVMS Video Server All versions = V5.0.0 V5.0.2. The streaming service default port 5410/tcp of the SiVMS/SiNVR Video Server contains a input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service...
CVE-2019-19297
A vulnerability has been identified in SiNVR/SiVMS Video Server All versions V5.0.0. The streaming service default port 5410/tcp of the SiVMS/SiNVR Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from...
CVE-2024-29882
SRS is a simple, high-efficiency, real-time video server. SRS's /api/v1/vhosts/vid-?callback= endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS Cross-Site Scripting. This vulnerability is fixed in 5.0.210 and 6.0.121...
SRS 安全漏洞
SRS is a simple, efficient, real-time video server from SRS Open Source. A security vulnerability exists in Simple Realtime Server that stems from allowing a remote attacker to execute arbitrary code via a crafted request...
CVE-2024-33250
An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268Leo and SRS/4.0.195Leo allows a remote attacker to execute arbitrary code via a crafted request...
CVE-2024-29882
SRS is a simple, high-efficiency, real-time video server. SRS's /api/v1/vhosts/vid-?callback= endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS Cross-Site Scripting. This vulnerability is fixed in 5.0.210 and 6.0.121...
CVE-2024-29882 SRS DOM - XSS on JSONP callback
SRS is a simple, high-efficiency, real-time video server. SRS's /api/v1/vhosts/vid-?callback= endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS Cross-Site Scripting. This vulnerability is fixed in 5.0.210 and 6.0.121...
CVE-2024-29882
CVE-2024-29882 affects SRS (simple, high-efficiency real-time video server). The vulnerability lies in the /api/v1/vhosts/vid-?callback= endpoint, where the callback name was not filtered, enabling injection of malicious JavaScript and XSS. Multiple connected sources corroborate that the issue ma...
CVE-2024-29882 SRS DOM - XSS on JSONP callback
SRS is a simple, high-efficiency, real-time video server. SRS's /api/v1/vhosts/vid-?callback= endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS Cross-Site Scripting. This vulnerability is fixed in 5.0.210 and 6.0.121...
Race condition
The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized...
Palantir Gotham video-application-server security vulnerability
Palantir Gotham is a commercially available, artificial intelligence-enabled operating system from US-based Palantir. A security vulnerability exists in the Palantir Gotham video-application-server, which stems from the inclusion of a contention condition that would result in the inability to app...
CVE-2023-20192
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cis...
CVE-2023-34105
SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's api-server server is vulnerable to a drive-by command injection. An attacker may send a request to the /api/v1/snapshots endpoint containing an...
Command injection
SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's api-server server is vulnerable to a drive-by command injection. An attacker may send a request to the /api/v1/snapshots endpoint containing an...