Lucene search
+L

142 matches found

Nextcloud
Nextcloud
added 2022/12/01 9:34 a.m.47 views

Guests can continue to receive video streams from call after being removed from a conversation

None...

6.5CVSS6.4AI score0.00757EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/24 12:0 a.m.10 views

PT-2022-26617 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13 Description: The issue concerns an app's access to camera data. A camera extension may be able to continue receiving video after the app that activated it was closed. This is due to a problem with the logic...

3.3CVSS5.3AI score0.00224EPSS
Exploits0References4
Hacker One
Hacker One
added 2022/09/20 3:46 p.m.34 views

Nextcloud: Guests can continue to receive video streams from call after being removed from a conversation

Summary: If the HPB is used and a guest is removed from a conversation while said guest is in a call the guest will no longer appear in the participant list and the call will appear as ended for the other participants. However, for the guest the call UI is still shown. If other participants start...

4CVSS1.1AI score0.00757EPSS
Exploits0
Talos Blog
Talos Blog
added 2022/08/16 3:54 p.m.66 views

Vulnerability Spotlight: Vulnerabilities in WWBN AVideo web app could lead to command injection, authentication bypass

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the WWBN AVideo web application that could allow an attacker to carry out a wide range of malicious actions, including command injection and...

1.4AI score0.83583EPSS
Exploits10
CNNVD
CNNVD
added 2022/03/08 12:0 a.m.11 views

Microsoft VP9 Video Extensions 代码注入漏洞

Microsoft VP9 Video Extensions is a popular video codec from Microsoft. It is used for streaming over the Internet. A code injection vulnerability exists in Microsoft VP9 Video Extensions. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor...

7.8CVSS7.6AI score0.02201EPSS
Exploits0References5
OSV
OSV
added 2021/12/14 8:15 p.m.16 views

CVE-2021-39183

Owncast is an open source, self-hosted live video streaming and chat server. In affected versions inline scripts are executed when Javascript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline Content Security Policy and specifying the script-src. The worker-sr...

6.1CVSS6.6AI score
Exploits0References1
Prion
Prion
added 2021/12/14 8:15 p.m.22 views

Buffer overflow

Owncast is an open source, self-hosted live video streaming and chat server. In affected versions inline scripts are executed when Javascript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline Content Security Policy and specifying the script-src. The worker-sr...

4.3CVSS6AI score0.00747EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/14 8:5 p.m.31 views

CVE-2021-39183 Unsafe inline XSS Owncast

Owncast is an open source, self-hosted live video streaming and chat server. In affected versions inline scripts are executed when Javascript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline Content Security Policy and specifying the script-src. The worker-sr...

8.2CVSS8.2AI score0.00747EPSS
Exploits1References1
CVE
CVE
added 2021/12/14 8:5 p.m.52 views

CVE-2021-39183

CVE-2021-39183 affects Owncast (open source self-hosted live video streaming and chat server). The issue arises when inline scripts execute during paste actions. The description notes a patch in version 0.0.9 that blocks unsafe-inline CSP and specifies a script-src policy, and requires worker-src...

8.2CVSS6.2AI score0.00747EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2021/11/01 12:15 p.m.16 views

CVE-2021-25878

AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator...

6.1CVSS0.00834EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/08/21 12:0 a.m.4 views

FFmpeg 安全漏洞

FFmpeg is a complete solution for recording, converting, and streaming audio and video from the FFmpeg Ffmpeg team. Ffmpeg suffers from a security vulnerability that stems from adtsdecodeextradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the initgetbits return value, a necessary step...

9.8CVSS7.5AI score0.02411EPSS
Exploits0References14
CNVD
CNVD
added 2021/05/28 12:0 a.m.8 views

FFmpeg heap buffer overflow vulnerability (CNVD-2021-39762)

FFmpeg is a complete solution for recording, converting and streaming audio and video. A heap buffer overflow vulnerability exists in fffillrectangle in libavfilter/drawutils.c in FFmpeg version 4.2. An attacker could exploit this vulnerability to cause memory corruption...

8.8CVSS7AI score0.01413EPSS
Exploits1References1
CNVD
CNVD
added 2021/05/28 12:0 a.m.5 views

FFmpeg heap buffer overflow vulnerability (CNVD-2021-39760)

FFmpeg is a complete solution for recording, converting and streaming audio and video. A heap buffer overflow vulnerability exists in filter16complexlow in libavfilter/vfw3fdif.c in FFmpeg version 4.2. An attacker could exploit this vulnerability to cause memory corruption...

8.8CVSS7AI score0.01673EPSS
Exploits1References1
0day.today
0day.today
added 2021/05/02 12:0 a.m.94 views

Shenzhen Skyworth RN510 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities

Overview ======== Title:- Authenticated XSRF in RN510 Mesh Extender. CVE-ID :- CVE-2021-25327 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested and verified Potential 2.RN62...

6.5CVSS0.3AI score0.00899EPSS
Exploits3
NVD
NVD
added 2021/04/13 8:15 p.m.23 views

CVE-2021-21399

Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For more details and...

9.1CVSS0.01438EPSS
Exploits1References1
CVE
CVE
added 2021/04/13 5:50 p.m.38 views

CVE-2021-21399

Ampache (web-based audio/video streaming app and file manager) is affected by CVE-2021-21399. Versions prior to 4.4.1 allow unauthenticated access to the Ampache backend via the Subsonic API if an attacker uses a username not associated with the site to bypass authentication. This is described in...

9.1CVSS7.8AI score0.01438EPSS
Exploits1References1Affected Software1
Akamai Blog
Akamai Blog
added 2021/04/12 5:0 p.m.35 views

Gambling, Streaming Traffic Up During Men's College Basketball Tourney

Baylor wasn't the only big winner in the 2021 men's college basketball tournament. Gambling industry-related web traffic delivered by Akamai jumped 31% over the category average for all of Q4 2020 on March 31st. That was the day after the field of four finalists - Baylor, Houston, Gonzaga and UCL...

0.1AI score
Exploits0
Prion
Prion
added 2021/03/25 4:15 p.m.15 views

Code injection

Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious...

6.9CVSS7.9AI score0.00347EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/03/25 3:53 p.m.25 views

CVE-2020-6790 Uncontrolled Search Path Element in Bosch Video Streaming Gateway Installer

Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious...

7.8CVSS7.9AI score0.00347EPSS
Exploits0References1
CVE
CVE
added 2021/03/25 3:53 p.m.49 views

CVE-2020-6790

The CVE concerns Bosch Video Streaming Gateway installer (up to version 6.45.10) with an Uncontrolled Search Path Element flaw. An attacker who tricks a user into placing a malicious executable in the same directory from which the installer is launched can achieve arbitrary code execution on the ...

7.8CVSS7.9AI score0.00347EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder