5 matches found
CVE-2023-33969
CVE-2023-33969 affects Kanboard. It's a stored XSS in the Task External Link functionality (stored script executed when viewing a task). Impact: arbitrary JavaScript execution for users who view the malicious task; default CSP blocks this attack. The issue is addressed in version 1.2.30; upgrade ...
WavPack W64 Parser Component Memory Write Vulnerability
WavPack is a set of open source, free audio lossless compression software. w64 parser is one of the 64-bit parser component . A security vulnerability exists in the W64 parser component in WavPack 5.1.0 and earlier versions, which is caused by multiple format chunks received by the...
WavPack out-of-bounds write vulnerability (CNVD-2018-10101)
WavPack is an open source, free audio lossless compression software. A security vulnerability exists in WavPack 5.1.0 and earlier versions, which stems from a failure of the 'ParseRiffHeaderConfig' function in the riff.c file to verify the size of a block before allocating memory. An attacker cou...
DEBIAN-CVE-2018-10536
An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks...
WavPack Read Across Boundaries Vulnerability
WavPack is an open source, free audio lossless compression software. An out-of-bounds read vulnerability exists in the 'ParseRiffHeaderConfig' function of the cli/riff.c file in WavPack version 5.1.0. A remote attacker can exploit this vulnerability to cause a denial of service via a maliciously...