
720 matches found

Cvelist
added 2023/02/03 12:0 a.m. · 16 views

CVE-2021-37373

Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware...

5.6 AI score · 0.0018 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2023/02/03 12:0 a.m. · 4 views

CVE-2021-37373

Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware...

6.5 AI score · 0.0018 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2023/02/03 12:0 a.m. · 2 views

PT-2023-12310 · Teradek · Teradek Slice

Name of the Vulnerable Software and Affected Versions: Teradek Slice 1st generation firmware versions 7.3.x and earlier Description: The issue allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. This is a result of a Cross Site Scripting XSS...

5.4 CVSS · 6.7 AI score · 0.0018 EPSS
Exploits: 1 · References: 4
CNNVD
added 2023/02/03 12:0 a.m. · 2 views

Teradek Slice cross-site scripting vulnerability

Teradek Slice is a rackmount video decoder from Teradek. A security vulnerability exists in Teradek Slice 1st generation firmware version 7.3.x and earlier. An attacker could exploit the vulnerability to execute arbitrary code via the Friendly Name field in System Information Settings...

5.4 CVSS · 6.3 AI score · 0.0018 EPSS
Exploits: 1 · References: 2
CVE
added 2023/02/03 12:0 a.m. · 38 views

CVE-2021-37373

Teradek Slice (1st generation) firmware 7.3.x and earlier is vulnerable to a Cross Site Scripting (XSS) flaw in the Friendly Name field of System Information Settings. The root cause is improper handling of input in that field, enabling an attacker to execute arbitrary code remotely. Exploitation...

5.4 CVSS · 5.4 AI score · 0.0018 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2023/01/20 7:15 p.m. · 2 views

DEBIAN-CVE-2023-23143

Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master...

7.8 CVSS · 7.8 AI score · 0.00144 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2023/01/20 12:0 a.m. · 3 views

PT-2023-18855 · Gpac · Gpac

Name of the Vulnerable Software and Affected Versions: GPAC version 2.3-DEV-rev1-g4669ba229-master Description: A buffer overflow issue exists in the avc_parse_slice function located in the media_tools/av_parsers.c file. This issue can be exploited, but details about the estimated number of...

9.8 CVSS · 6.9 AI score · 0.01461 EPSS
Exploits: 98 · References: 239
CNNVD
added 2023/01/20 12:0 a.m. · 3 views

GPAC security vulnerability

GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version 2.3-DEV-rev1-g4669ba229-master, which stems from the discovery of a contained buffer overflow vulnerability via the avc_parse_slice function in media_tools/av_parsers.c...

7.8 CVSS · 7.9 AI score · 0.00144 EPSS
Exploits: 1 · References: 4
Github Security Blog
added 2022/12/30 5:48 p.m. · 18 views

prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior

In function Table::as_ref, a reference of vector is force cast to slice. There are multiple problems here: 1. To guarantee the size is correct, we have to first do Vec::shrink_to_fit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is undefined...

1.7 AI score
Exploits: 0 · References: 3 · Affected Software: 1
Prion
added 2022/12/17 1:15 p.m. · 13 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in Boston Sleep slice up to 84.1.x. Affected is an unknown function of the component Layout Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 84.2.0 is able to...

5.8 CVSS · 6.1 AI score · 0.00311 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD
added 2022/12/17 12:0 a.m. · 2 views

Boston Sleep Slice cross-site scripting vulnerability

Slice is a clinical research interface open-sourced by Boston Sleep. Designed to collect robust and consistent data by providing a robust framework for designing data dictionaries and collection forms. A cross-site scripting vulnerability exists in Boston Sleep Slice version 84.2.0 and prior...

6.1 CVSS · 4.8 AI score · 0.00311 EPSS
Exploits: 0 · References: 5
Vulnrichment
added 2022/12/17 12:0 a.m. · 10 views

CVE-2022-4588 Boston Sleep slice Layout cross site scripting

A vulnerability, which was classified as problematic, was found in Boston Sleep slice up to 84.1.x. Affected is an unknown function of the component Layout Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 84.2.0 is able to...

2.4 CVSS · 6.2 AI score · 0.00311 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2022/12/17 12:0 a.m. · 3 views

PT-2022-27666 · Unknown · Boston Sleep Slice

Name of the Vulnerable Software and Affected Versions: Boston Sleep slice versions up to 84.1.x Boston Sleep slice versions up to 84.2.0 Description: A vulnerability was found in the component Layout Handler, which can lead to cross site scripting. The manipulation can be launched remotely. It is...

6.1 CVSS · 6.5 AI score · 0.00311 EPSS
Exploits: 0 · References: 7
Cvelist
added 2022/12/17 12:0 a.m. · 13 views

CVE-2022-4588 Boston Sleep slice Layout cross site scripting

A vulnerability, which was classified as problematic, was found in Boston Sleep slice up to 84.1.x. Affected is an unknown function of the component Layout Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 84.2.0 is able to...

2.4 CVSS · 6.2 AI score · 0.00311 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2022/12/16 12:0 a.m. · 2 views

PT-2022-14736 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a missing permission check in the getSlice of ProviderModelSlice.java. This could lead to local escalation of privilege from the guest user with no additional execution privileg...

7.8 CVSS · 7.5 AI score · 0.00032 EPSS
Exploits: 0 · References: 3
OSV
added 2022/12/02 12:0 p.m. · 14 views

RUSTSEC-2022-0074 Force cast a &Vec<T> to &[T]

In function Table::as_ref, a reference of vector is force cast to slice. There are multiple problems here: 1. To guarantee the size is correct, we have to first do Vec::shrink_to_fit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is UB. 2. Even ...

7.1 AI score
Exploits: 0 · References: 3
RustSec
added 2022/12/02 12:0 p.m. · 11 views

Force cast a &Vec<T> to &[T]

In function Table::as_ref, a reference of vector is force cast to slice. There are multiple problems here: 1. To guarantee the size is correct, we have to first do Vec::shrink_to_fit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is UB. 2. Even ...

2.1 AI score
Exploits: 0 · Affected Software: 1
VulnCheck KEV
added 2022/11/08 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2019-9810

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox 66.0.1, Firefox ESR 60.6.1, and Thunderbird 60.6.1...

8.8 CVSS · 7.7 AI score · 0.80195 EPSS
Exploits: 9 · References: 1
RedHat Linux
added 2022/10/25 9:7 a.m. · 2 views

golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag

A flaw was found in golang.org. In x/text, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag...

7.5 CVSS · 7.3 AI score · 0.00107 EPSS
Exploits: 1 · References: 4
Tenable Nessus
added 2022/09/22 12:0 a.m. · 35 views

Ubuntu 20.04 LTS : etcd vulnerabilities (USN-5628-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5628-1 advisory. It was discovered that etcd incorrectly handled certain specially crafted WAL files. An attacker could possibly use this issue to cause a denial of...

7.7 CVSS · 7.3 AI score · 0.00413 EPSS
Exploits: 0 · References: 5