[SECURITY] Fedora 40 Update: yt-dlp-2024.07.02-1.fc40
yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...
CVE-2024-38519 yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...
RHEL 5 : ruby (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ruby: Command injection vulnerability in Net::FTP CVE-2017-17405 - ruby: OpenSSL::X509::Name equality che...
RHEL 6 : ruby (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ruby: Command injection vulnerability in Net::FTP CVE-2017-17405 - ruby: OpenSSL::X509::Name equality che...
PT-2024-27730 · A+Hrd +1
Name of the Vulnerable Software and Affected Versions: a+HRD (affected versions not specified). Description: The issue concerns the functionality for downloading files using youtube-dl.exe in a+HRD, which does not properly restrict user input. This allows attackers to pass arbitrary arguments to...
CVE-2024-22423
yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...
yt-dlp Security Vulnerability
yt-dlp is based on the youtube-dl branch of the now inactive youtube-dlc. A security vulnerability exists in yt-dlp that stems from not properly escaping special characters, resulting in a remote code execution vulnerability...
CVE-2023-33099
Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR...
CVE-2023-33101
CVE-2023-33101 is a DoS affecting Qualcomm chipsets, triggered by processing a DL NAS TRANSPORT message with payload length 0. The CVSS 3.1 base score is 7.5 (Network, Low attack complexity, No privileges, No user interaction; Availability impact HIGH). Connected sources indicate the issue is add...
CVE-2023-33101 Incorrect Type Conversion or Cast in Multi-Mode Call Processor
Transient DOS while processing DL NAS TRANSPORT message with payload length 0...
CVE-2023-33100 Improper input validation in Multi-Mode Call Processor
Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification...
CVE-2023-33099 Improper Input Validation in Multi-Mode Call Processor
Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR...
CVE-2023-33099
CVE-2023-33099 describes a transient Denial of Service in Qualcomm chipsets caused by processing an SMS container of non-standard size over DL NAS transport in NR. The entry appears under Qualcomm closed-source components with a High impact rating (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ...
CVE-2023-33095
Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR...
CVE-2023-33096
Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16...
Design/Logic Flaw
Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16...