Lucene search
K

41 matches found

Vulnrichment
Vulnrichment
added 2024/02/08 11:39 p.m.1 views

CVE-2024-24825 TokenManager not checking permissions on cached tokens in DIRAC

DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...

9.1CVSS7AI score0.00534EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/08 11:39 p.m.37 views

CVE-2024-24825 TokenManager not checking permissions on cached tokens in DIRAC

DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...

9.1CVSS9.3AI score0.00534EPSS
Exploits0References2
CVE
CVE
added 2024/02/08 11:39 p.m.49 views

CVE-2024-24825

DIRAC’s TokenManager vulnerability (CVE-2024-24825) affects DIRAC before version 8.0.37, allowing any user to obtain a token requested by another user/agent and potentially expose resources. The issue is fixed in 8.0.37; upg rade to that release. Other sources (GitHub advisory GHSA-59qj-jcjv-662j...

9.1CVSS7.3AI score0.00534EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2024/02/08 3:32 p.m.6 views

comdirac (>=0.22.0 <=1.3.3), ctadirac (>=2.0.0 <=2.2.35) +3 more potentially affected by CVE-2024-24825 via dirac (>=7.2.30 <=8.0.30)

dirac PYPI version =7.2.30, =0.22.0, =2.0.0, =33.0.0a1, =10.2.5, =10.4.23 - lhcbwebdirac =5.3.0a2 Source cves: CVE-2024-24825 Source advisory: OSV:GHSA-59QJ-JCJV-662J...

9.1CVSS7.1AI score0.00534EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/02/08 3:32 p.m.14 views

ctadirac (>=2.2.0a1 <=2.2.35) potentially affected by CVE-2024-24825 via dirac (>=8.0.0 <=8.0.30)

dirac PYPI version =8.0.0, =2.2.0a1, =2.2.35 Source cves: CVE-2024-24825 Source advisory: OSV:GHSA-59QJ-JCJV-662J...

9.1CVSS7.1AI score0.00534EPSS
Exploits0
OSV
OSV
added 2024/02/08 3:32 p.m.7 views

GHSA-59QJ-JCJV-662J DIRAC's TokenManager does not check permissions on cached tokens

Impact Any user could get a token that has been requested by another user/agent Patches The vulnerability is fixed in version 8.0.37. Workarounds None References...

9.1CVSS8.2AI score0.00534EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/02/08 3:32 p.m.23 views

DIRAC's TokenManager does not check permissions on cached tokens

Impact Any user could get a token that has been requested by another user/agent Patches The vulnerability is fixed in version 8.0.37. Workarounds None References...

9.1CVSS7AI score0.00534EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/11/11 12:0 a.m.8 views

The vulnerability of the Dirac and Schrodinger codecs in the VideoLAN VLC media player software allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the Dirac and Schrodinger codecs in the VideoLAN VLC media player software lies in the fact that the operation results are stored outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause system failures...

10CVSS7.6AI score0.02373EPSS
Exploits0References5Affected Software2
CNVD
CNVD
added 2018/03/23 12:0 a.m.4 views

Libav Denial of Service Vulnerability (CNVD-2018-07427)

Libav is an open source audio and video processing tools , providing for conversion , manipulation and streaming of various multimedia formats and protocols cross-platform tools and libraries . A denial of service vulnerability exists in the unpackparseunit function in libavcodec/diracparser.c in...

6.5CVSS6.8AI score0.01029EPSS
Exploits0References1
OSV
OSV
added 2018/03/22 9:29 p.m.3 views

UBUNTU-CVE-2017-18243

The unpackparseunit function in libavcodec/diracparser.c in Libav 12.2 allows remote attackers to cause a denial of service segmentation fault via a crafted file...

6.5CVSS6.6AI score0.01029EPSS
Exploits0References2
NVD
NVD
added 2018/03/22 9:29 p.m.17 views

CVE-2017-18243

The unpackparseunit function in libavcodec/diracparser.c in Libav 12.2 allows remote attackers to cause a denial of service segmentation fault via a crafted file...

6.5CVSS6.2AI score0.01029EPSS
Exploits0References1
OSV
OSV
added 2018/03/22 9:29 p.m.2 views

CVE-2017-18243

The unpackparseunit function in libavcodec/diracparser.c in Libav 12.2 allows remote attackers to cause a denial of service segmentation fault via a crafted file...

6.5CVSS5.8AI score
Exploits0References1
CVE
CVE
added 2018/03/22 9:0 p.m.48 views

CVE-2017-18243

CVE-2017-18243 affects Libav 12.2 and is caused by the unpack_parse_unit function in libavcodec/dirac_parser.c. A crafted file can trigger a denial-of-service (segmentation fault). The vulnerability is documented across multiple sources (e.g., NVD, Red Hat, CNVD) with no public exploit details pr...

6.5CVSS6.2AI score0.01029EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/11/30 12:0 a.m.37 views

openSUSE Security Update : ffmpeg (openSUSE-2015-821)

The ffmpeg package was updated to version 2.8.2 to fix the following security and non security issues : - CVE-2015-8216: Fixed the ljpegdecodeyuvscan function in libavcodec/mjpegdec.c which could cause a denial of service out-of-bounds array access bnc955346. - CVE-2015-8217: Fixed the...

7.5CVSS8.1AI score0.02412EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2015/02/03 12:0 a.m.36 views

Debian DSA-3150-1 : vlc - security update

Fabian Yamaguchi discovered multiple vulnerabilities in VLC, a multimedia player and streamer : - CVE-2014-9626 The MP4 demuxer, when parsing string boxes, did not properly check the length of the box, leading to a possible integer underflow when using this length value in a call to memcpy. This...

7.8CVSS7.9AI score0.02373EPSS
Exploits0References11
OSV
OSV
added 2015/02/02 12:0 a.m.29 views

DSA-3150-1 vlc - security update

Bulletin has no description...

7.8CVSS7.6AI score0.02373EPSS
Exploits0
NVD
NVD
added 2013/12/09 4:36 p.m.18 views

CVE-2011-3949

The diracunpackidwtparams function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data...

6.8CVSS6.7AI score0.02037EPSS
Exploits0References2
Prion
Prion
added 2013/12/09 4:36 p.m.15 views

Code injection

The diracunpackidwtparams function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data...

6.8CVSS7AI score0.02037EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2013/12/09 4:36 p.m.29 views

CVE-2011-3949

The diracunpackidwtparams function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data...

6.8CVSS7.3AI score0.02037EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2013/12/09 11:0 a.m.33 views

CVE-2011-3949

The diracunpackidwtparams function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data...

6.8CVSS9.6AI score0.02037EPSS
Exploits0
Rows per page
Query Builder