Lucene search
K

135 matches found

Prion
Prion
added 2023/02/17 6:15 p.m.11 views

Code injection

An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the aoc parameter...

3.7CVSS7.2AI score0.00242EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/17 12:0 a.m.5 views

CVE-2020-19824

An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the aoc parameter...

7.2AI score0.00242EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/02/17 12:0 a.m.3 views

mpv 竞争条件问题漏洞

mpv is a command line video player from mpv open source. A security vulnerability exists in mpv version v.0.29.1, which can be exploited by an attacker to execute arbitrary code and crash the program via the aoc parameter...

7CVSS7.5AI score0.00242EPSS
Exploits1References4
CVE
CVE
added 2023/02/17 12:0 a.m.130 views

CVE-2020-19824

MPV is affected by CVE-2020-19824: in MPV v0.29.1, a use-after-free flaw in the ao_c path allows an attacker to execute arbitrary code or crash the program. The issue is fixed in v0.30. Practical impact described in sources is high (local access, user interaction required) with significant confid...

7CVSS7.1AI score0.00242EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/02/17 12:0 a.m.26 views

CVE-2020-19824

An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the aoc parameter...

7.2AI score0.00242EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2023/02/17 12:0 a.m.21 views

CVE-2020-19824

An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the aoc parameter...

7CVSS7.2AI score0.00242EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 4:30 a.m.7 views

SUSE CVE-2018-6360

mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...

8.8CVSS7.6AI score0.02642EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.3 views

SUSE CVE-2021-30145

A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file...

7.8CVSS7.6AI score0.02409EPSS
Exploits1References5
Openbugbounty
Openbugbounty
added 2022/07/10 3:33 a.m.12 views

mpv-suv.co.uk Cross Site Scripting vulnerability OBB-2752349

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
Openbugbounty
Openbugbounty
added 2022/04/09 7:10 a.m.14 views

mail.mpv-patent.com Cross Site Scripting vulnerability OBB-2485929

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.10 views

Mageia: Security Advisory (MGASA-2021-0235)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.7AI score0.02409EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/01/24 12:0 a.m.21 views

GLSA-202107-46 : mpv: Format string vulnerability

The remote host is affected by the vulnerability described in GLSA-202107-46 mpv: Format string vulnerability mpv uses untrusted input within format strings. Impact : A remote attacker could entice a user to open a specially crafted m3u playlist file using mpv, possibly resulting in execution of...

7.8CVSS7.7AI score0.02409EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/01/07 12:20 a.m.38 views

OS Command Injection in node-mpv

node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...

9.8CVSS9.3AI score0.04358EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/01/07 12:20 a.m.12 views

GHSA-CQR2-XHG6-P268 OS Command Injection in node-mpv

node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...

9.8CVSS9.7AI score0.04358EPSS
Exploits1References3
Openbugbounty
Openbugbounty
added 2021/12/28 5:10 a.m.14 views

mpv-staufenberg.de Cross Site Scripting vulnerability OBB-2312993

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2021/07/20 12:0 a.m.77 views

mpv: Format string vulnerability

Background Video player based on MPlayer/mplayer2. Description mpv uses untrusted input within format strings. Impact A remote attacker could entice a user to open a specially crafted m3u playlist file using mpv, possibly resulting in execution of arbitrary code with the privileges of the process...

7.8CVSS3.9AI score0.02409EPSS
Exploits1
Mageia
Mageia
added 2021/06/08 2:33 p.m.28 views

Updated mpv packages fix a security vulnerability

Fixed format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file CVE-2021-30145...

7.8CVSS6.4AI score0.02409EPSS
Exploits1References2
OSV
OSV
added 2021/06/08 2:33 p.m.10 views

MGASA-2021-0235 Updated mpv packages fix a security vulnerability

Fixed format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file CVE-2021-30145...

7.8CVSS7.7AI score0.02409EPSS
Exploits1References3
OSV
OSV
added 2021/05/27 6:5 p.m.3 views

OPENSUSE-SU-2021:0798-1 Security update for mpv

This update for mpv fixes the following issues: - CVE-2021-30145: Fixed format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file boo1186230 This update was imported from the openSUSE:Leap:15.2:Update update project...

7.8CVSS7.7AI score0.02409EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2021/05/27 12:0 a.m.17 views

Security update for mpv (important)

openSUSE Security Update: Security update for mpv Announcement ID: openSUSE-SU-2021:0798-1 Rating: important References: 1186230 Cross-References: CVE-2021-30145 CVSS scores: CVE-2021-30145 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP2 An...

7.8CVSS7.6AI score0.02409EPSS
Exploits1References1
Rows per page
Query Builder