140 matches found
EUVD-2021-27595
Malicious code in bioql PyPI...
CVE-2021-40418
When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the...
CVE-2021-40417
When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer...
CVE-2021-40417
When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer...
CVE-2021-40418
When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the...
Heap overflow
When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer...
Design/Logic Flaw
When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the...
CVE-2021-40418
CVE-2021-40418 affects Blackmagic Design DaVinci Resolve’s R3D DPDecoder service and the R3D SDK. The issue arises when DPDecoder parses a file: it can skip assigning a property that should reference an UUID object parsed from a frame, leaving that member uninitialized. Upon destruction, the unin...
CVE-2021-40417
When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer...
CVE-2021-40418
When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the...
PT-2021-22893 · R3D Sdk · R3D Sdk
Name of the Vulnerable Software and Affected Versions: R3D SDK affected versions not specified Description: The issue arises when the R3D SDK parses a file submitted to the DPDecoder service as a job. It mistakenly skips the assignment of a property containing an object that refers to a UUID pars...
PT-2021-22892 · R3D Sdk +1 · R3D Sdk +1
Name of the Vulnerable Software and Affected Versions: DPDecoder service affected versions not specified Description: The issue arises when the DPDecoder service parses a submitted file as a job, using decoding parameters and fields parsed by the R3D SDK to calculate a heap buffer size. An intege...
Blackmagic Design DaVinci Resolve R3D DPDecoder Service frame parsing uninitialized uuid object vulnerability
Summary When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the...
Command injection
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...
CVE-2018-14060
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/setrouterwifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...
CVE-2018-14060
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/setrouterwifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...
Command injection
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/setrouterwifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...
CVE-2018-14010
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...
CVE-2018-14060
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/setrouterwifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...
CVE-2018-14010
The CVE-2018-14010 issue affects Xiaomi routers (R3P, R3C, R3, R3D) via the guest Wi‑Fi settings feature in /cgi-bin/luci. Affected firmware versions are R3P < 2.14.5, R3C < 2.12.15, R3 < 2.22.15, and R3D