EUVD-2024-1285

Malicious code in bioql PyPI...

CVE-2024-35371

Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included...

CVE-2024-32656

Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media...

Out-of-bounds Read

Ant-Media-Server is vulnerable to Out-of-bounds Read. The vulnerability is due to insufficient input sanitization in the logging mechanism, allowing user-controllable data, such as identifiers or sensitive information, to be included in log entries without proper filtering or validation. This cou...

io.antmedia.app:ConsoleApp (>=1.2.0 <=1.5.0), io.antmedia.app:LiveApp (>=1.2.0 <=1.8.1) +8 more potentially affected by CVE-2024-35371 via io.antmedia:ant-media-server (>=1.2.0 <=2.8.2)

io.antmedia:ant-media-server MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.6.1, =2.15.0, =2.10.0, =2.14.0, =2.10.0, =2.6.1, =1.9.0, =1.2.0, =1.8.1 Source cves: CVE-2024-35371 Source advisory: OSV:GHSA-2GX6-QRPP-C4P3...

Ant-Media-Server vulnerable to Improper Output Neutralization for Logs

Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be include...

GHSA-2GX6-QRPP-C4P3 Ant-Media-Server vulnerable to Improper Output Neutralization for Logs

Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be include...

CVE-2024-35371

Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included...

Ant Media Server 安全漏洞

Ant Media Server is a real-time streaming engine software from Ant Media open source. It provides adaptive ultra-low latency streaming by using WebRTC technology with a latency of about 0.5 seconds. A security vulnerability exists in Ant Media Server version v2.8.2, which stems from insufficient...

Inproper Authorization

Ant Media Server Community Edition is vulnerable to Improper Authorization. The vulnerability is due to improper HTTP header based authorization which allows unauthorized users to potentially access non-administrative API calls reserved for authorized users...

Ant Media Server does not properly authorize non-administrative API calls

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 tested and possibly newer ones are believed to be...

io.antmedia.app:ConsoleApp (>=1.2.0 <=1.5.0), io.antmedia.app:LiveApp (>=1.2.0 <=1.8.1) +8 more potentially affected by CVE-2024-3462 via io.antmedia:ant-media-server (>=1.2.0 <=2.9.0)

io.antmedia:ant-media-server MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.6.1, =2.15.0, =2.9.0, =2.14.0, =2.9.0, =2.6.1, =1.9.0, =1.2.0, =1.8.1 Source cves: CVE-2024-3462 Source advisory: OSV:GHSA-G95V-3PJ6-J433...

GHSA-G95V-3PJ6-J433 Ant Media Server does not properly authorize non-administrative API calls

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 tested and possibly newer ones are believed to be...

CVE-2024-3462

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 tested and possibly newer ones are believed to be...

Ant Media Server 安全漏洞

Ant Media Server is a real-time streaming engine software from Ant Media open source. It provides adaptive ultra-low latency streaming using WebRTC technology with a latency of approximately 0.5 seconds. A security vulnerability exists in Ant Media Server Community Edition prior to version 2.9.0...

CVE-2024-3462 Authorization bypass in Ant Media Server

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 tested and possibly newer ones are believed to be...

CVE-2024-3462 Authorization bypass in Ant Media Server

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 tested and possibly newer ones are believed to be...

PT-2024-26036 · Ant Media Server · Ant Media Server Community Edition

Name of the Vulnerable Software and Affected Versions: Ant Media Server Community Edition versions prior to 2.9.0 Description: The issue is related to an improper HTTP header based authorization, allowing the use of non-administrative API calls reserved for authorized users. Recommendations: For...

Privilege Escalation

Ant Media Server is vulnerable to Privilege Escalation. The vulnerability is caused by running Java Management Extensions JMX with authentication disabled on localhost on port 5599. This allows unprivileged users to connect locally and leverage MLet Bean within JMX to load a remote MBean from an...

CVE-2024-32656

Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media...