1229 matches found
CVE-2023-29584
mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src/mp4.cpp...
CVE-2023-29569
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS)...
CVE-2023-29569
CVE-2023-29569 affects Cesanta MJS v2.20.0. A SEGV/segmentation fault is triggered via ffi_cb_impl_wpwwwww in src/mjs_ffi.c, resulting in Denial of Service. Documents do not provide a patch version or explicit remediation; exploitation details are not listed.
CVE-2023-29571
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS)...
CVE-2023-29571
Cesanta MJS v2.20.0 is affected by a SEGV vulnerability via gc_sweep in src/mjs_gc.c, causing Denial of Service. The issue is confirmed across multiple feeds (NVD, Red Hat, CNVD, OSV, etc.). Affected component: Cesanta MJS engine; vulnerability type: segmentation fault leading to DoS; root cause:...
CVE-2023-27730
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c...
CVE-2023-27729
Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c...
Design/Logic Flaw
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c...
CVE-2023-27728
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c...
Amazon Linux AMI : emacs (ALAS-2023-1712)
The version of emacs installed on the remote host is prior to 24.3-20.25. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1712 advisory. GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file,...
CVE-2020-19697
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the src parameter...
Design/Logic Flaw
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the JsiStrlen function in the src/jsiChar.c file...
Design/Logic Flaw
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file...
EulerOS 2.0 SP11 : emacs (EulerOS-SA-2023-1572)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c us...
[SECURITY] Fedora 38 Update: qmmp-plugin-pack-2.1.0-5.fc38
Plugin pack is a set of extra plugins for Qmmp: FFap - enhanced Monkey's Audio APE decoder, 24-bit samples and embedded cue support; FFVideo - video playback engine based on FFmpeg library; ModPlug - module player with use of the libmodplug library; SRC - sample rate converter; Goom - audio...
Fedora: Security Advisory for qmmp-plugin-pack (FEDORA-2023-a5e10b188a)
The remote host is missing an update for the...
EulerOS 2.0 SP9 : emacs (EulerOS-SA-2023-1465)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c us...
Reflected Cross-site Scripting (XSS)
generator-hottowel is vulnerable to Reflected Cross-site Scripting (XSS) attacks. The library does not properly handle invalid calls to assets as it uses a custom 404 response object, allowing an attacker to inject and execute JavaScript through the app.use function in app/templates/src/server/app....
CVE-2021-35290
File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page...