EUVD-2026-30360

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any...

SiYuan 授权问题漏洞

SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.7.0 had an authorization issue vulnerability. This vulnerability stemmed from the lack of administrator and read-only permission checks for the POST /api/tag/getTag endpoint, which cou...

GHSA-6R88-8V7Q-Q4P2 SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk

Summary POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any authenticated user — including publish-service RoleReader accounts and...

EUVD-2019-7843

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-17454

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bento4 1.5.1.0 has a NULL pointer dereference in AP4Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4StsdAtom::GetSampleDescription in...

in axiomatic-systems/bento4

✍️ Description NULL pointer dereference of Ap4Descriptor.h in function GetTag 🕵️‍♂️ Proof of Concept Verification steps： 1.Get the source code of Bento4 2.Compile the Bento4 bash $ cd Bento4 $ mkdir checkbuild && cd checkbuild $ cmake ../ -DCMAKECCOMPILER=clang -DCMAKECXXCOMPILER=clang++...

CVE-2019-20092

An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4Descriptor::GetTag in mp42ts when called from AP4EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp...

UBUNTU-CVE-2019-20092

An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4Descriptor::GetTag in mp42ts when called from AP4EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp...

CVE-2019-20091

An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4Descriptor::GetTag in mp42ts when called from AP4DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp...

Null pointer dereference

An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4Descriptor::GetTag in mp42ts when called from AP4EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp...

Bento4 Null Pointer Dereference Vulnerability (CNVD-2020-03869)

Bento4 is an open source C++ library for reading and writing MP4 files. A code issue vulnerability exists in the 'AP4Descriptor::GetTag' function in Bento4 version 1.5.1.0. The vulnerability stems from an improperly designed or implemented code development process for a networked system or produc...

Bento4 Null Pointer Dereference Vulnerability (CNVD-2020-03870)

Bento4 is an open source C++ library for reading and writing MP4 files. A code issue vulnerability exists in the 'AP4Descriptor::GetTag' function in Bento4 version 1.5.1.0. The vulnerability stems from an improperly designed or implemented code development process for a networked system or produc...

Bento4 Null Pointer Dereference Vulnerability (CNVD-2019-40953)

Bento4 is a C++ class library and tool for reading and writing ISO-MP4 files. A null pointer dereference vulnerability exists in AP4Descriptor::GetTag in Core/Ap4Descriptor.h in Bento4 1.5.1.0. An attacker can exploit this vulnerability to cause a SEGV error...

CVE-2019-17454

Bento4 1.5.1.0 has a NULL pointer dereference in AP4Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info...

Null pointer dereference

Bento4 1.5.1.0 has a NULL pointer dereference in AP4Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info...

CVE-2019-17454

CVE-2019-17454 affects Bento4 1.5.1.0, with a NULL pointer dereference in AP4_Descriptor::GetTag (Core/Ap4Descriptor.h) related to AP4_StsdAtom::GetSampleDescription (Core/Ap4StsdAtom.cpp), as demonstrated by mp4info. Connected sources provide the root cause and file/function details; no patch/ve...

CVE-2019-17454

Bento4 1.5.1.0 has a NULL pointer dereference in AP4Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and earlier, 5.0.x before 5.0.11 and 5.1.x before 5.1.4 allow remote attackers to inject arbitrary web...

CVE-2014-2016

Multiple cross-site scripting XSS vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and earlier, 5.0.x before 5.0.11 and 5.1.x before 5.1.4 allow remote attackers to inject arbitrary web...