Bento4 Memory Leak Vulnerability

Bento4 is a C++ class library and tool for reading and writing ISO-MP4 files. A memory leak vulnerability exists in AP4StdcFileByteStream::Create in System/StdC/Ap4StdCFileByteStream.cpp in Bento4 1.5.1-627, which can be exploited by an attacker to cause a denial of service...

Bento4 Buffer Out-of-Bounds Read Vulnerability (CNVD-2019-07056)

Bento4 is an open source C++ library for reading and writing MP4 files. A heap buffer out-of-bounds read vulnerability exists in the 'AP4AvccAtom::Create' function of the Core/Ap4AvccAtom.cpp file in Bento4 version 1.5.1-627, which can be exploited by an attacker to cause a denial of service...

Bento4 memory leak vulnerability (CNVD-2019-07058)

Bento4 is a C++ class library and tool for reading and writing ISO-MP4 files. A memory leak vulnerability exists in AP4DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp in Bento4 1.5.1-627, which can be exploited by an attacker to cause a denial of service...

UBUNTU-CVE-2018-20409

An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls...

CVE-2018-20408

An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4StdcFileByteStream::Create in System/StdC/Ap4StdCFileByteStream.cpp, as demonstrated by mp42hls...

CVE-2018-20409

An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls...

CVE-2018-20408

An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4StdcFileByteStream::Create in System/StdC/Ap4StdCFileByteStream.cpp, as demonstrated by mp42hls...

FUEL CMS Cross-Site Request Forgery Vulnerability (CNVD-2019-07072)

FUEL CMS is a content management system based on CodeIgniter. FUEL CMS 1.4.3 suffers from a cross-site request forgery vulnerability that can be exploited to add an administrator account via users/create/...

CVE-2018-20188

CVE-2018-20188 affects FUEL CMS 1.4.3, where a cross-site request forgery (CSRF) via the /users/create/ endpoint can be abused to add an administrator account. The connected Red Hat/ENISA/CNVD/NVD sources corroborate the same description, indicating the vulnerability status and impact as describe...

kernel: Use-after-free in snd_seq_ioctl_create_port()

A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation...

postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements

It was discovered that PostgreSQL failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limit...

CVE-2018-2497

SAP HANA audit logs fail to record SELECT events when they appear as part of CREATE TABLE AS SELECT in versions 1.0 and 2.0. This could leave such statements partially unlogged, limiting audit visibility for these CREATE TABLE AS SELECT constructs. The provided documents do not include a patch/r...

Code injection

The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE AS SELECT...

CVE-2018-2497

The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE AS SELECT...

CVE-2018-2497

The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE AS SELECT...

Amazon Linux AMI : postgresql95 (ALAS-2018-1118)

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...

Amazon Linux AMI : postgresql96 (ALAS-2018-1119)

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...

aniloptiklens.com XSS vulnerability

Open Bug Bounty ID: OBB-707698 Description| Value ---|--- Affected Website:| aniloptiklens.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidde...

Buffalo TS5600D1206 Command Injection Vulnerability (CNVD-2019-00674)

The Buffalo TS5600D1206 is a network storage device from the Buffalo Group of Japan. A command injection vulnerability exists in the User.create method in the Buffalo TS5600D1206 version 3.61-0.10, which can be exploited to execute system commands with the 'name' parameter...

CVE-2018-13318

System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...