6 matches found
CVE-2026-49247 Jellyfin: Potential Authenticated path traversal in /ClientLog/Document
Jellyfin is an open source self hosted media server. From 10.9.0 until 10.11.10, the POST /ClientLog/Document endpoint accepts the Authorization header's Client and Version fields and uses them unsanitized as components of the on-disk filename when persisting client-uploaded log documents. As a...
PT-2026-52067
Name of the Vulnerable Software and Affected Versions Jellyfin versions 10.9.0 through 10.11.9 Description The POST '/ClientLog/Document' endpoint fails to sanitize the Client and Version fields within the Authorization header when saving client-uploaded log documents to the disk. An authenticate...
EUVD-2019-5302
Malware in sbrugna...
CVE-2019-14045
Possible buffer overflow while processing clientlog and serverlog due to lack of validation of data received in logs in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8096AU, QCS605, SDM439, SM8150, SXR1130...
PT-2023-22823 · Jellyfin · Jellyfin
Name of the Vulnerable Software and Affected Versions: Jellyfin versions 10.8.0 through 10.8.10 Description: The issue is related to a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. This vulnerability can be combined with a cross-site scripting...
Buffer overflow
Possible buffer overflow while processing clientlog and serverlog due to lack of validation of data received in logs in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8096AU, QCS605, SDM439, SM8150, SXR1130...