11 matches found
SUSE CVE-2018-6360
mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...
Mageia: Security Advisory (MGASA-2018-0130)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : mpv (openSUSE-2018-173)
This update for mpv fixes the following issues : MPV was updated to version 0.27.2 Security issues fixed : - CVE-2018-6360: Additional fix for where mpv allowed remote attackers to execute arbitrary code via a crafted website, because it read HTML documents containing VIDEO elements, and accepts...
[ASA-201802-7] mpv: arbitrary code execution
Arch Linux Security Advisory ASA-201802-7 ========================================= Severity: High Date : 2018-02-13 CVE-ID : CVE-2018-6360 Package : mpv Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-605 Summary ======= The package mpv before version...
[SECURITY] [DSA 4105-2] mpv security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4105-2 [email protected] https://www.debian.org/security/ February 08, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
[SECURITY] [DSA 4105-2] mpv security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4105-2 [email protected] https://www.debian.org/security/ February 08, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
[SECURITY] [DSA 4105-1] mpv security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4105-1 [email protected] https://www.debian.org/security/ February 06, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
[SECURITY] [DSA 4105-1] mpv security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4105-1 [email protected] https://www.debian.org/security/ February 06, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
CVE-2018-6360
mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...
CVE-2018-6360
mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...
CVE-2018-6360
mpv = 0.27.1, Mageia citing 0.27.2+, and Alpine noting vulnerability up to 0.28.0). If exploitation details are not provided in a document, they are not assumed; rely on the stated fixes.