167 matches found
CVE-2023-6602 Ffmpeg: improper handling of input format in tty demuxer of ffmpeg
A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists...
CVE-2023-6602 Ffmpeg: improper handling of input format in tty demuxer of ffmpeg
A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists...
CVE-2023-6602
A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists...
FFmpeg 安全漏洞
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. An information disclosure vulnerability exists in FFmpeg, which stems from incorrect parsing of non-TTY-compliant input files in HLS playlists, and can be exploited by an attacker to cause ...
CVE-2024-11333 HLS Player <= 1.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
The HLS Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hlsplayer' shortcode in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2024-16918 · WordPress · Hls Player
Name of the Vulnerable Software and Affected Versions: HLS Player plugin for WordPress versions up to, and including, 1.0.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's hls player shortcode due to insufficient input sanitization and output escaping on...
WordPress plugin HLS Player 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress HLS Player plugin <= 1.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin HLS Player versions = 1.0.10...
WordPress HLS Player Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)
Software HLS Player Type Plugin Vulnerable versions = 1.0.10 Fixed in 1.0.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11333 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 85cc26efeb58 Credits SOPROBRO Required privileg...
io.antmedia.app:ConsoleApp (>=1.2.0 <=1.5.0), io.antmedia.app:LiveApp (>=1.2.0 <=1.8.1) +8 more potentially affected by CVE-2024-3462 via io.antmedia:ant-media-server (>=1.2.0 <=2.9.0)
io.antmedia:ant-media-server MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.6.1, =2.15.0, =2.9.0, =2.14.0, =2.9.0, =2.6.1, =1.9.0, =1.2.0, =1.8.1 Source cves: CVE-2024-3462 Source advisory: OSV:GHSA-G95V-3PJ6-J433...
SUSE CVE-2023-6602
A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists...
SUSE CVE-2023-6601
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...
CVE-2023-47624
The CVE-2023-47624 entry affects Audiobookshelf (versions 2.4.3 and earlier). A path traversal in the /hls endpoint can allow any user (even with no privileges) to read files from the local filesystem, leading to Information Disclosure. As of publication, no patches are available. Affected produc...
CVE-2023-47624 Audiobookshelf Arbitrary File Read Vulnerability
Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user regardless of their permissions may be able to read files from the local file system due to a path traversal in the /hls endpoint. This issue may lead to Information Disclosure. As of time of...
PT-2024-15023
Name of the Vulnerable Software and Affected Versions FFmpeg affected versions not specified Description A flaw was found in FFmpeg's TTY Demuxer, allowing possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists. Recommendations At the moment, there is no...
PT-2024-15022
Name of the Vulnerable Software and Affected Versions FFmpeg affected versions not specified Description A flaw was found in FFmpeg's HLS demuxer, allowing bypassing of unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file...
BIT-NGINX-INGRESS-CONTROLLER-2022-41743
NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttphlsmodule that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when...
CVE-2023-35934
yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host...
CVE-2023-34105
SRS (Simple Real-time Server) api-server is vulnerable to drive-by command injection on POST /api/v1/snapshots in versions prior to 5.0.157, 5.0-b1, and 6.0.48, potentially leading to Remote Code Execution (RCE). Connected advisories confirm a fix in 5.0.157, 5.0-b1, and 6.0.48. Mitigate by updat...
SUSE CVE-2016-1897
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming HLS M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file...