142 matches found
Guests can continue to receive video streams from call after being removed from a conversation
None...
PT-2022-26617 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13 Description: The issue concerns an app's access to camera data. A camera extension may be able to continue receiving video after the app that activated it was closed. This is due to a problem with the logic...
Nextcloud: Guests can continue to receive video streams from call after being removed from a conversation
Summary: If the HPB is used and a guest is removed from a conversation while said guest is in a call the guest will no longer appear in the participant list and the call will appear as ended for the other participants. However, for the guest the call UI is still shown. If other participants start...
Vulnerability Spotlight: Vulnerabilities in WWBN AVideo web app could lead to command injection, authentication bypass
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the WWBN AVideo web application that could allow an attacker to carry out a wide range of malicious actions, including command injection and...
Microsoft VP9 Video Extensions 代码注入漏洞
Microsoft VP9 Video Extensions is a popular video codec from Microsoft. It is used for streaming over the Internet. A code injection vulnerability exists in Microsoft VP9 Video Extensions. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor...
CVE-2021-39183
Owncast is an open source, self-hosted live video streaming and chat server. In affected versions inline scripts are executed when Javascript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline Content Security Policy and specifying the script-src. The worker-sr...
Buffer overflow
Owncast is an open source, self-hosted live video streaming and chat server. In affected versions inline scripts are executed when Javascript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline Content Security Policy and specifying the script-src. The worker-sr...
CVE-2021-39183 Unsafe inline XSS Owncast
Owncast is an open source, self-hosted live video streaming and chat server. In affected versions inline scripts are executed when Javascript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline Content Security Policy and specifying the script-src. The worker-sr...
CVE-2021-39183
CVE-2021-39183 affects Owncast (open source self-hosted live video streaming and chat server). The issue arises when inline scripts execute during paste actions. The description notes a patch in version 0.0.9 that blocks unsafe-inline CSP and specifies a script-src policy, and requires worker-src...
CVE-2021-25878
AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator...
FFmpeg 安全漏洞
FFmpeg is a complete solution for recording, converting, and streaming audio and video from the FFmpeg Ffmpeg team. Ffmpeg suffers from a security vulnerability that stems from adtsdecodeextradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the initgetbits return value, a necessary step...
FFmpeg heap buffer overflow vulnerability (CNVD-2021-39762)
FFmpeg is a complete solution for recording, converting and streaming audio and video. A heap buffer overflow vulnerability exists in fffillrectangle in libavfilter/drawutils.c in FFmpeg version 4.2. An attacker could exploit this vulnerability to cause memory corruption...
FFmpeg heap buffer overflow vulnerability (CNVD-2021-39760)
FFmpeg is a complete solution for recording, converting and streaming audio and video. A heap buffer overflow vulnerability exists in filter16complexlow in libavfilter/vfw3fdif.c in FFmpeg version 4.2. An attacker could exploit this vulnerability to cause memory corruption...
Shenzhen Skyworth RN510 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
Overview ======== Title:- Authenticated XSRF in RN510 Mesh Extender. CVE-ID :- CVE-2021-25327 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested and verified Potential 2.RN62...
CVE-2021-21399
Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For more details and...
CVE-2021-21399
Ampache (web-based audio/video streaming app and file manager) is affected by CVE-2021-21399. Versions prior to 4.4.1 allow unauthenticated access to the Ampache backend via the Subsonic API if an attacker uses a username not associated with the site to bypass authentication. This is described in...
Gambling, Streaming Traffic Up During Men's College Basketball Tourney
Baylor wasn't the only big winner in the 2021 men's college basketball tournament. Gambling industry-related web traffic delivered by Akamai jumped 31% over the category average for all of Q4 2020 on March 31st. That was the day after the field of four finalists - Baylor, Houston, Gonzaga and UCL...
Code injection
Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious...
CVE-2020-6790 Uncontrolled Search Path Element in Bosch Video Streaming Gateway Installer
Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious...
CVE-2020-6790
The CVE concerns Bosch Video Streaming Gateway installer (up to version 6.45.10) with an Uncontrolled Search Path Element flaw. An attacker who tricks a user into placing a malicious executable in the same directory from which the installer is launched can achieve arbitrary code execution on the ...