Lucene search
+L

246 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:42 a.m.12 views

CVE-2024-52797

Opencast is free and open source software for automated video capture and distribution. First noticed in Opencast 13 and 14, Opencast's Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previously acceptable search queries. From Opencast version 11....

7.5CVSS6.8AI score0.00884EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:51 p.m.9 views

CVE-2022-41965

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to redirect users to...

6.1CVSS6.7AI score0.00347EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:43 p.m.13 views

CVE-2022-29237

Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassin...

5.5CVSS6.4AI score0.00541EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:36 p.m.9 views

CVE-2021-43821

Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and making them available via the web interfac...

9.9CVSS8.9AI score0.01964EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 9:36 p.m.11 views

CVE-2021-43807

Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE...

7.5CVSS6.7AI score0.01416EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 9:30 p.m.8 views

CVE-2021-21318

Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently set series access. This allows for an easy denial...

5.5CVSS6.8AI score0.00707EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:34 p.m.10 views

CVE-2021-32623

Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a seemingly permanent denial of service attack, essentially taking down Opencast usin...

8.1CVSS6.8AI score0.01254EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:43 p.m.9 views

CVE-2020-5231

In Opencast before 7.6 and 8.1, users with the role ROLECOURSEADMIN can use the user-utils endpoint to create new users not including the role ROLEADMIN. ROLECOURSEADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code except for tests but only i...

6.5CVSS6.8AI score0.00625EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:1 p.m.18 views

CVE-2020-26234

Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for...

4.8CVSS6.6AI score0.00276EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:42 p.m.10 views

CVE-2020-5222

Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials...

8.8CVSS6.7AI score0.00939EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:43 a.m.16 views

CVE-2018-16153

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations...

7.5CVSS7.2AI score0.00829EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:55 a.m.7 views

CVE-2017-1000217

Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0...

8.8CVSS7.5AI score0.01878EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:34 a.m.10 views

CVE-2017-1000221

In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role...

6.5CVSS6.8AI score0.00764EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:41 p.m.23 views

CVE-2020-5228

Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly handing out public...

7.6CVSS6.5AI score0.00977EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 3:40 p.m.15 views

CVE-2020-5206

In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example...

10CVSS6.9AI score0.01293EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 3:39 p.m.14 views

CVE-2020-5230

Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directorie...

7.7CVSS6.7AI score0.01168EPSS
Exploits0
NVD
NVD
added 2024/11/21 11:15 a.m.16 views

CVE-2024-52797

Opencast is free and open source software for automated video capture and distribution. First noticed in Opencast 13 and 14, Opencast's Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previously acceptable search queries. From Opencast version 11....

7.5CVSS0.00884EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/21 1:30 a.m.16 views

CVE-2024-52797 Searching Opencast may cause a denial of service

Opencast is free and open source software for automated video capture and distribution. First noticed in Opencast 13 and 14, Opencast's Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previously acceptable search queries. From Opencast version 11....

6.5CVSS6.8AI score0.00884EPSS
Exploits0References4
CVE
CVE
added 2024/11/21 1:30 a.m.90 views

CVE-2024-52797

CVE-2024-52797 affects Opencast (open-source video capture/distribution platform). The issue arises from Elasticsearch query construction that can become syntactically invalid in relation to valid prior queries, triggering a retry loop that repeatedly reissues the same invalid query. This infinit...

7.5CVSS6.5AI score0.00884EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/11/21 1:30 a.m.45 views

CVE-2024-52797 Searching Opencast may cause a denial of service

Opencast is free and open source software for automated video capture and distribution. First noticed in Opencast 13 and 14, Opencast's Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previously acceptable search queries. From Opencast version 11....

6.5CVSS0.00884EPSS
Exploits0References4
Rows per page
Query Builder