260 matches found
DEBIAN-CVE-2024-36615
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread...
CVE-2024-36615
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread...
CVE-2024-36615
The CVE-2024-36615 entry concerns FFmpeg n7.0: a race condition in the VP9 decoder that can cause a data race if video encoding parameters are exported, with side data attached in the decoder thread while read in the output thread. Connected sources (Debian DLA-4440 and OpenSUSE/SUSE advisories) ...
Red Hat OpenShift Container Platform 安全漏洞
Red Hat OpenShift Container Platform is a suite of application platforms from Red Hat, Inc. that enables organizations to develop, deploy and manage existing container-based applications across physical, virtual and public cloud infrastructures. A security vulnerability exists in Red Hat OpenShif...
CVE-2024-29194 OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation
OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the ismasteradmin key, stored in the local storage of the browser, can be manipulated by an attacker. By...
CVE-2024-1779
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ztdcfcfchangestatus function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter t...
CVE-2024-1777 Admin side data storage for Contact Form 7 <= 1.1.1 - Cross-Site Request Forgery
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers t...
DEBIAN-CVE-2023-46931
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmxparsesidedata /afltest/gpac/src/filters/ffdmx.c:202:14 in gpac/MP4Box...
UBUNTU-CVE-2023-46931
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmxparsesidedata /afltest/gpac/src/filters/ffdmx.c:202:14 in gpac/MP4Box...
PT-2023-30264 · Gpac +1 · Gpac +1
Name of the Vulnerable Software and Affected Versions: GPAC version 2.3-DEV-rev605-gfc9e29089-master Description: The issue is a heap-buffer-overflow in the ffdmx parse side data function located at /afltest/gpac/src/filters/ff dmx.c:202:14 in gpac/MP4Box. This indicates a problem with how data i...
Sourcecodester Hospital Patient Records Management System跨站脚本漏洞(CNVD-2022-48761)
Sourcecodester Hospital Patient Records Management System is a Web-based application that provides an automated platform for hospitals to store and manage their patient records. A cross-site scripting vulnerability exists in version 1.0, which stems from the lack of proper validation of client-si...
livehelperchat Cross-Site Scripting Vulnerability (CNVD-2022-18521)
livehelperchat is available through Live Helper Chat, which provides free live support on the website. livehelperchat suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit the...
Orchard Core 跨站脚本漏洞
Net Core, an open source modular and multi-tenant application framework built using Asp.Net Core, and a content management system Cms built on top of the framework.A cross-site scripting vulnerability exists in Orchard Core, which stems from the lack of proper validation of client-side data in th...
Zulip Cross-Site Scripting Vulnerability (CNVD-2022-17016)
Zulip is a powerful open source group chat application from the Zulip team. Used to combine the immediacy of real-time chat with the productivity benefits of threaded conversations, Zulip suffers from a cross-site scripting vulnerability that stems from the WEB application's lack of proper...
Microweber Cross-Site Scripting Vulnerability (CNVD-2022-15527)
Microweber is an online store management system from the Microweber community in the United States that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in GitHub, which stems from the lack of proper...
Tricentis qTest 跨站脚本漏洞
Tricentis qTest is used by Tricentis to centrally manage and understand software testing activities from conception to production. qTest has a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application, which can be exploited by...
Taocms Cross-Site Scripting Vulnerability (CNVD-2022-11522)
Taocms is a micro Cms content management system in China. Taocms suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in the WEB application, which can be exploited by attackers to execute client-side code...
Taocms 跨站脚本漏洞
Taocms is a micro Cms content management system in China. Taocms suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in the WEB application, which can be exploited by attackers to execute client-side code...
chatwoot 跨站脚本漏洞
chatwoot is a software application. Customer Engagement Suite, an open source alternative to Intercom, Zendesk, Salesforce Service Cloud, and more. chatwoot suffers from a cross-site scripting vulnerability that stems from the WEB application's lack of proper validation of client-side data. An...
GitHub 跨站脚本漏洞
GitHub is a hosting platform for open source and private software projects. A cross-site scripting vulnerability exists in the GitHub repository chatwoot/chatwoot and prior versions, which stems from a lack of proper validation of client-side data by the web application. An attacker can exploit...