CVE-2024-41206

A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file...

PT-2024-33685

Name of the Vulnerable Software and Affected Versions: tsMuxer version nightly-2024-03-14-01-51-12 Description: A heap-based buffer overflow in tsMuxer allows attackers to cause Denial of Service DoS, Information Disclosure, and Code Execution via a crafted MKV video file. Recommendations: For...

@aws/aws-config-catalog-module-for-backstage (>=0.1.0 <=0.2.0), @backstage-community/backstage-plugin-catalog-backend-module-mta-entity-provider (=0.3.0) +54 more potentially affected by CVE-2023-25571 via @backstage/plugin-catalog-backend (>=0.0.0-nightly-20220708025041 <=1.5.1)

@backstage/plugin-catalog-backend NPM version =0.0.0-nightly-20220708025041, =0.1.0, =0.4.0, =1.7.4, =1.0.3, =0.0.0-nightly-20240116021644, =0.0.0-nightly-20220219022334, =0.0.0-nightly-20220308022132, =0.0.0-nightly-20220311022539, =0.0.0-nightly-20220531024457, =0.0.0-nightly-20220810023539,...

Apple WebKit - &#039;ComposedTreeIterator::traverseNextInShadowTree&#039; Use-After-Free

function go d.open = false; d.innerHTML = "foo"; d.open = true; foo !-- ================================================================= ASan log: ================================================================= ==570==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000065058 at pc...

Apple WebKit - &#039;FormSubmission::create&#039; Use-After-Free

function go object.name = "foo"; input.autofocus = true; output.appendChildinput; form.submit; function eventhandler forvar i=0;i a !-- ================================================================= Preliminary analysis: The bug is in FormSubmission::create. This function traverses the vector ...