GHSA-PJXW-22XF-6PWC Prototype Pollution in defaults-deep
All versions of defaults-deep are vulnerable to prototype pollution. Provided certain input, defaults-deep can add or modify properties of the Object prototype. These properties will be present on all objects. Recommendation: As no patch is currently available for this vulnerability it is our...
Prototype Pollution
Overview: All versions of defaults-deep are vulnerable to prototype pollution. Provided certain input, defaults-deep can add or modify properties of the Object prototype. These properties will be present on all objects. Recommendation: As no patch is currently available for this vulnerability it is...
PT-2019-18337 · Zoneminder +3 · Zoneminder +3
Name of the Vulnerable Software and Affected Versions: ZoneMinder version 1.32.3 Description: An issue exists in the software where Reflected XSS is present in the web/skins/classic/views/plugin.php file via the pl parameter in the /zm/index.php?view=plugin API endpoint. Recommendations: For...
PT-2023-15166 · Unknown +2 · Gpac Mp4Box +2
Name of the Vulnerable Software and Affected Versions: GPAC MP4Box version 2.1-DEV-rev574-g9d5bb184b Description: The issue is related to a heap use-after-free vulnerability. It occurs via the file filters/dmx_m2ts.c at line 470 in the m2tsdmx_declare_pid function. This vulnerability can be...
PT-2023-15458 · Unknown +1 · Gpac Mp4Box +1
Name of the Vulnerable Software and Affected Versions: GPAC MP4Box version 2.1-DEV-rev649-ga8f438d20 Description: The issue is caused by infinite recursion in the Media_GetSample function, located in isomedia/media.c:662, leading to a segment fault or stack overflow. Recommendations: For GPAC...
PT-2022-26810 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: GPAC version 2.1-DEV-rev368-gfd054169b-master Description: A memory leak was discovered in GPAC via the component gf_list_new at utils/list.c. Recommendations: For GPAC version 2.1-DEV-rev368-gfd054169b-master, consider restricting access to...
PT-2020-6621 · Gpac +1 · Gpac +1
Name of the Vulnerable Software and Affected Versions: gpac versions prior to 20200801 Description: The issue is related to a stack-buffer-overflow in the DumpRawUIConfig function located in the odf_dump.c file of the GPAC multimedia platform. This allows a remote attacker to access confidential...
PT-2022-11275 · Gpac +1 · Gpac +1
Name of the Vulnerable Software and Affected Versions: GPAC version 1.0.1 Description: The issue allows attackers to cause a denial of service via a crafted file in the MP4Box command, specifically through the gf_bs_write_data function. Recommendations: For GPAC version 1.0.1, consider disabling...
PT-2018-14844 · Ethereumjs · Ethereumjs-Vm
Name of the Vulnerable Software and Affected Versions: ethereumjs-vm version 2.4.0 Description: The issue allows attackers to cause a denial of service, leading to vm.runCode failure and REVERT, via a code attribute set to Buffer.from(my_code, 'hex'). It's worth noting that the vendor disputes this...
PT-2018-16284 · Yi · Yi Home Camera
Name of the Vulnerable Software and Affected Versions: Yi Home Camera 27US version 1.8.7.0D Description: A firmware downgrade vulnerability exists in the firmware update functionality. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD...
PT-2018-16350 · Sophos · Sophos Hitmanpro.Alert
Name of the Vulnerable Software and Affected Versions: Sophos HitmanPro.Alert version 3.7.6.744 Description: A memory disclosure issue exists in the 0x222000 IOCTL handler functionality. This can be triggered by a specially crafted IRP request, causing the driver to return uninitialized memory an...
GHSA-HXHM-3VJ9-6CQH apk-parser2 downloads Resources over HTTP
Affected versions of apk-parser2 insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
PT-2018-16290 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub version 0.20.17 Description: A buffer overflow issue exists in the /cameras/XXXX/clips handler of the video-core's HTTP server. The video-core process incorrectly handles user-controlled JSON payloads, leading to a...
GHSA-VCFP-PPQW-MF23 fis-sass-all downloads Resources over HTTP
Affected versions of fis-sass-all insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-G36H-6R4F-3MQP Regular Expression Denial of Service in string package
Affected versions of string are vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. Recommendation: There is currently no direct patch for this vulnerability. Currently, the best solution is to avo...
GHSA-PMG9-P9R2-6Q87 ReDoS via long UserAgent header in ua-parser
Affected versions of ua-parser are vulnerable to regular expression denial of service when given a specially crafted User-Agent header. Recommendation: No patch is currently available for this vulnerability. The best mitigation is currently to avoid using this package, using a different,...
GHSA-76P6-GPVF-6WMV Directory Traversal in hftp
Affected versions of hftp resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...
Directory Traversal in gomeplus-h5-proxy
Affected versions of gomeplus-h5-proxy resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
Directory Traversal in datachannel-client
Affected versions of datachannel-client resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
GHSA-3GRC-FGH6-G5GP Directory Traversal in http_static_simple
Affected versions of http_static_simple resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...