CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Jan 6, 2025

FFmpeg DASH Playlist Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in FFmpeg's DASH playlist support, specifically in versions 4.2 through 6.0. This flaw allows arbitrary HTTP GET requests to be made from the machine running FFmpeg, using a crafted DASH playlist that contains malicious URLs. The vulnerability arises because the DASH demuxer does not properly check the protocol whitelist before initiating HTTP requests, potentially leading to unauthorized access or data exfiltration.

6.1
Jan 6, 2025

FFmpeg XBIN Demuxer Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in FFmpeg versions 2.0 (at least) through 6.0 (latest). The issue arises in the HLS (HTTP Live Streaming) XBIN demuxer, where the absence of proper input format validation allows arbitrary data to be processed as XBIN-formatted. Exploitation significantly increases CPU usage during transcoding and produces excessively large output files, degrading performance. The vulnerability could be triggered by crafting an HLS playlist that bypasses file extension checks, directing FFmpeg to demux non-XBIN data as XBIN, which is then amplified into a larger file.

6.1
Jan 6, 2025

FFmpeg HLS Unsafe File Extension Bypass Vulnerability

A vulnerability in FFmpeg's HLS demuxer allows for bypassing file extension checks that are meant to prevent unsafe files from being processed. This is achieved by appending certain file extensions to base64-encoded data URIs, which can then trigger arbitrary demuxers. The issue affects FFmpeg versions 2.0 through 6.0.

6.2
Jan 6, 2025

TabberNeue MediaWiki Extension Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the TabberNeue MediaWiki extension, specifically in versions prior to 2.7.2. The issue arises in the TabberTransclude.php file, where user-supplied page names are not properly escaped before being output. This flaw allows an XSS payload to be injected and executed. The vulnerability is present in the 'tabbertransclude' hook, which can be exploited by users who can edit pages or render wikitext.

3.0
Jan 6, 2025

tgstation-server Role Authorization Vulnerability Allowing Unauthorized Access

A vulnerability in tgstation-server prior to version 6.12.3 allows enabled users to access most authorized API actions, regardless of their specific permissions. This issue arises because roles for authorizing API methods were incorrectly combined with the user-enabled role, allowing unauthorized access. However, the vulnerability does not affect the WriteUsers permission, preventing permanent elevation of account privileges.

3.6
Jan 6, 2025

LangChain4j-AIDeepin File Upload Conflict Vulnerability Due to MD5 Hashing

A file upload conflict vulnerability has been identified in LangChain4j-AIDeepin versions prior to 3.5.0. The issue arises because the application uses MD5 to hash files, leading to potential conflicts during file uploads. This vulnerability has been addressed in version 3.5.0.

3.1
Jan 6, 2025

Pnetlab Open Redirect Vulnerability

An open redirect vulnerability has been identified in Pnetlab version 5.3.11. This vulnerability allows an attacker to manipulate URLs, redirecting users to arbitrary external websites via a crafted script.

2.0
Jan 6, 2025

Pnetlab Cross-Site Scripting Vulnerability

A Cross-Site Scripting (XSS) vulnerability exists in Pnetlab version 5.3.11. This issue allows attackers to inject malicious scripts into web pages, which are then executed in the context of the victim's browser. The vulnerability can be exploited by manipulating the 'success' parameter in the URL, particularly after registration, which triggers an application error message that executes the injected script.

3.4
Jan 6, 2025

IBM Sterling B2B Integrator Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2. This vulnerability allows users to inject arbitrary JavaScript into the Web UI, potentially altering functionality and leading to credential disclosure within a trusted session.

2.6
Jan 6, 2025

IBM Sterling B2B Integrator Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2. This vulnerability allows users to inject arbitrary JavaScript into the Web UI, potentially altering functionality and leading to credential disclosure within a trusted session.

2.6
Jan 6, 2025

OpenVPN Connect Clear-Text Private Key Logging Vulnerability on Android

A vulnerability exists in OpenVPN Connect for Android, prior to version 3.5.0, where the configuration profile's private key is stored in clear text and logged within the application. This exposed private key can be intercepted by an unauthorized actor and used to decrypt VPN traffic.

4.5
Jan 6, 2025

OpenVPN PUSH_REPLY Message Injection Vulnerability in Control Channel Logging

A vulnerability exists in OpenVPN versions prior to 2.6.11, where the software fails to properly sanitize PUSH_REPLY messages. This flaw allows an attacker controlling the server to inject unexpected arbitrary data into client logs. Additionally, this vulnerability could lead to a high CPU load on the client side.

5.0
Jan 6, 2025

TUBITAK BILGEM Pardus OS My Computer OS Command Injection Vulnerability

A vulnerability allowing OS command injection has been identified in TUBITAK BILGEM Pardus OS My Computer, prior to version 0.7.2. This issue arises from improper neutralization of special elements used in OS commands, which could allow attackers to execute arbitrary commands on the operating system.

1.2
Jan 6, 2025

Qualcomm Automotive QNX OS Buffer Over-read Vulnerability Leading to Transient Denial-of-Service

A buffer over-read vulnerability has been identified in the Automotive QNX OS used by Qualcomm. This vulnerability can lead to a transient denial-of-service condition when the GVM sends a specific message type to the Vdev-FastRPC backend.

1.1
Jan 6, 2025

Qualcomm Wireless Drivers Transient Denial-of-Service Vulnerability

A transient denial-of-service vulnerability has been identified in Qualcomm wireless drivers. The issue arises when the driver processes the per station (STA) profile information element (IE) and attempts to access the extended element ID without verifying the length of the IE first. This oversight can lead to a temporary disruption in service.

2.5
Jan 6, 2025

Qualcomm IFS2 Image Boot Verification Bypass Vulnerability Allowing Memory Corruption

A vulnerability exists in the boot verification process of IFS2 images, allowing memory corruption. If a verified IFS2 image is overwritten, it can bypass boot verification. This vulnerability enables the injection of unauthorized programs into security-sensitive images, potentially allowing a tampered IFS2 system image to be booted.

1.0
Jan 6, 2025

Qualcomm Products Memory Corruption Vulnerability Allowing Process-Specific Map Mismanagement

A memory corruption vulnerability exists in certain Qualcomm products due to improper management of process-specific maps in relation to a global list. The issue arises when a map is removed from the global list while another thread is actively using it for a process-specific task, potentially leading to memory corruption.

1.6
Jan 6, 2025

Qualcomm MCDM Driver IOCTL Memory Corruption Vulnerability

A memory corruption vulnerability has been identified in the Qualcomm MCDM driver. This issue arises when any application that invokes IOCTL calls interacts with the MCDM driver, leading to potential memory corruption.

1.0
Jan 6, 2025

Qualcomm Products Memory Corruption Vulnerability in FIPS Encryption Validation IOCTL Processing

A memory corruption vulnerability has been identified in Qualcomm products while processing FIPS encryption or decryption validation through a specific IOCTL call. This issue could potentially be exploited to cause unintended behavior in the affected system.

1.1
Jan 6, 2025

Qualcomm Windows WLAN Host Buffer Copy Without Checking Size of Input Vulnerability Allowing Memory Corruption

A buffer copy vulnerability has been identified in the Windows WLAN Host component of certain Qualcomm chipsets. This vulnerability, classified as a 'classic buffer overflow', results in memory corruption while processing IOCTL calls invoked from user space. The issue specifically relates to the verification of non-extension FIPS encryption and decryption functionality.

4.2
Jan 6, 2025

Qualcomm Windows WLAN Host Buffer Over-read Vulnerability via FIPS Encryption IOCTL

A memory corruption vulnerability has been identified in the Windows WLAN Host component of certain Qualcomm chipsets. This issue arises from a buffer over-read while processing FIPS encryption or decryption IOCTL calls initiated from user-space. The vulnerability could potentially be exploited to cause memory corruption, leading to undefined behavior in the application.

4.2
Jan 6, 2025

Qualcomm WLAN Driver Memory Corruption Vulnerability via User-Space IOCTL Call

A memory corruption vulnerability has been identified in the WLAN driver, triggered by an IOCTL call from user-space that writes board data. This issue could potentially be exploited to cause unintended behavior in the driver.

1.1
Jan 6, 2025

Qualcomm Windows WLAN Host Memory Corruption Vulnerability via IOCTL Call

A memory corruption vulnerability has been identified in the Windows WLAN Host component of various chipsets. This issue arises when an IOCTL call is made from user-space to read board data, leading to improper memory handling.

1.1
Jan 6, 2025

Qualcomm SMMU Uncontrolled Resource Consumption Vulnerability

A vulnerability exists in certain Qualcomm drivers, applications, or SMMU clients that allows for uncontrolled resource consumption. This issue arises when these entities attempt to access global registers through the SMMU, potentially leading to performance degradation or resource exhaustion.

1.1
Jan 6, 2025

Qualcomm Snapdragon Chipsets Mailbox Read API Information Disclosure Vulnerability

A buffer over-read vulnerability has been identified in various chipsets of Qualcomm Snapdragon products, specifically within the Automotive Autonomy technology area. This vulnerability allows information disclosure while invoking the mailbox read API, potentially leading to unauthorized access to sensitive data.

4.3
Jan 6, 2025

Qualcomm Audio Buffer Over-read Vulnerability Allowing Information Disclosure

A buffer over-read vulnerability has been identified in the audio component of certain Qualcomm chipsets. This vulnerability allows for information disclosure by invoking the callback function of the sound model driver from the Audio Digital Signal Processor (ADSP). The issue arises for every valid opcode received from the sound model driver, leading to the unintentional exposure of sensitive information.

1.1
Jan 6, 2025

Qualcomm Products Information Disclosure Vulnerability via Uninitialized IOCTL Channel Management

A vulnerability has been identified in certain Qualcomm products that allows for information disclosure. This issue arises when processing IOCTL calls related to releasing a trusted virtual machine process or opening a channel without properly initializing the process. As a result, sensitive information may be inadvertently exposed.

1.5
Jan 6, 2025

Qualcomm Products Memory Corruption Vulnerability in Frame Command IOCTL Processing

A memory corruption vulnerability has been identified in certain Qualcomm products, arising from the handling of frame command IOCTL calls. This issue could potentially be exploited to cause unintended behavior or damage to memory.

1.1
Jan 6, 2025

Qualcomm Products Memory Corruption Vulnerability via IOCTL Calls

A use-after-free vulnerability has been identified in various chipsets of Qualcomm products, including those in the Automotive Software platform based on QNX, Windows WLAN Host, and several chipsets used in mobile and automotive applications. This vulnerability allows memory corruption by improperly managing DMA buffers during IOCTL operations, which could potentially be exploited to cause unauthorized memory access or manipulation.

4.4
Jan 6, 2025

Qualcomm Chipsets Memory Corruption Vulnerability in Computer Vision Component

A memory corruption vulnerability has been identified in certain Qualcomm chipsets within the computer vision component. This issue arises from a lack of input parameter validation for the number of fences in fence frame IOCTL calls, which can lead to memory corruption.

4.0
Jan 6, 2025

Qualcomm Automotive Products Information Disclosure Vulnerability via Mailbox Write API

A vulnerability allowing information disclosure has been identified in Qualcomm automotive chipsets. This issue arises when the mailbox write API is invoked with messages larger than the mailbox size, leading to unintended information exposure.

4.3
Jan 6, 2025

Qualcomm Products Memory Corruption Vulnerability in Data Network Stack

A buffer overflow vulnerability has been identified in various chipsets of Qualcomm products, including those in the Snapdragon 8 Gen 3 Mobile Platform and several Windows WLAN Host chipsets. This vulnerability allows for memory corruption by processing IPA statistics when no active clients are registered, potentially leading to unauthorized memory access or manipulation.

4.9
Jan 6, 2025

Email Subscribers by Icegram Express SQL Injection Vulnerability

A SQL injection vulnerability has been identified in the Email Subscribers by Icegram Express WordPress plugin, affecting versions prior to 5.7.44. The issue arises because the plugin fails to properly sanitize and escape a parameter before incorporating it into a SQL statement. This oversight enables administrators to execute SQL injection attacks.

4.3
Jan 6, 2025

Icegram Engage WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Icegram Engage WordPress plugin, affecting versions prior to 3.1.32. The issue arises because the plugin fails to properly sanitize and escape certain campaign settings, potentially allowing users with author privileges and above to inject malicious scripts that are stored and executed later.

5.0
Jan 6, 2025

Pods WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Pods WordPress plugin, affecting versions prior to 3.2.8.1. The issue arises because the plugin fails to properly sanitize and escape certain settings. This flaw enables high-privilege users, such as administrators, to execute stored cross-site scripting attacks, even in environments where the unfiltered_html capability is restricted, such as multisite setups.

5.0
Jan 6, 2025

Tourmaster WordPress Plugin Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the Tourmaster WordPress plugin, affecting versions prior to 5.3.4. The issue arises because the plugin fails to properly sanitize and escape certain parameters before displaying them on the page. This oversight could enable unauthenticated users to execute XSS attacks.

3.4
Jan 6, 2025

MediaTek Modem Out-of-Bounds Write Vulnerability Leading to Remote Code Execution

A critical out-of-bounds write vulnerability has been identified in the Modem component of various MediaTek chipsets. This issue arises from a missing bounds check, which could allow remote code execution. The vulnerability can be exploited if a user equipment (UE) connects to a rogue base station controlled by an attacker. Notably, no additional execution privileges are required for exploitation, and user interaction is not needed.

4.8
Jan 6, 2025

MediaTek WLAN STA Spoofed SSID Vulnerability Leading to Information Disclosure

A vulnerability exists in the WLAN STA driver that allows a client to be deceived into connecting to an access point (AP) with a fake SSID. This could result in remote information disclosure without requiring additional execution privileges. Exploitation does not need user interaction.

4.0
Jan 6, 2025

MediaTek WLAN STA Driver Reachable Assertion Vulnerability Leading to Local Denial-of-Service

A vulnerability has been identified in the MediaTek WLAN Station (STA) driver, where improper exception handling creates a reachable assertion. This issue could lead to a local denial-of-service condition, but only if the attacker has already gained system privileges. Exploitation does not require user interaction.

4.0
Jan 6, 2025

MediaTek Modem Out-of-Bounds Write Vulnerability Allowing Privilege Escalation

A vulnerability has been identified in the Modem component of certain MediaTek chipsets, where an out-of-bounds write can occur due to an improper bounds check. This vulnerability could lead to local escalation of privileges, but requires that the attacker has already obtained System privileges. The issue can be exploited without user interaction.

4.3
Jan 6, 2025

MediaTek Modem Logic Error Vulnerability Leading to Remote Denial-of-Service

A logic error in the Modem component of various MediaTek chipsets can cause a system crash, leading to a remote denial-of-service condition. This vulnerability does not require additional execution privileges or user interaction for exploitation.

4.6
Jan 6, 2025

MediaTek Modem Remote Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the MediaTek Modem component, affecting various chipsets. The issue arises from improper input validation, which can lead to a system crash. This vulnerability can be exploited remotely without requiring additional execution privileges or user interaction.

4.5
Jan 6, 2025

MediaTek WLAN STA Driver Out-of-Bounds Write Vulnerability Allowing Remote Code Execution

A vulnerability exists in the WLAN Station (STA) firmware of certain MediaTek chipsets, where improper input validation can lead to an out-of-bounds write. This vulnerability could be exploited to execute code remotely (or from an adjacent position) without requiring additional execution privileges. Exploitation does not need user interaction.

4.7
Jan 6, 2025

MediaTek WLAN STA Driver Out-of-Bounds Write Vulnerability Allowing Remote Code Execution

A vulnerability has been identified in the MediaTek WLAN STA driver, where improper input validation creates a potential out-of-bounds write condition. This vulnerability could be exploited to execute code remotely (or from a proximal/adjacent position) without requiring additional execution privileges. Notably, user interaction is not necessary for exploitation. The issue affects various chipsets, including MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6990, MT7902, MT7920, MT7922, MT8365, MT8518S, MT8532, MT8666, MT8667, MT8673, MT8755, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8796, MT8798, and MT8893. The vulnerability is present in the Android operating system versions 13.0, 14.0, and 15.0, as well as in the Yocto versions 3.3, 4.0, and 5.0.

4.7
Jan 6, 2025

MediaTek V6 DA Out-of-Bounds Write Vulnerability Leading to Local Privilege Escalation

A vulnerability exists in MediaTek's V6 DA due to a missing bounds check, allowing for a possible out-of-bounds write. This issue could lead to local escalation of privilege, but requires physical access to the device and user interaction for exploitation.

3.9
Jan 6, 2025

MediaTek V6 DA Out-of-Bounds Write Vulnerability Leading to Local Privilege Escalation

A vulnerability exists in MediaTek's V6 DA due to a missing bounds check, allowing for a possible out-of-bounds write. This issue could lead to local escalation of privileges, but requires physical access to the device and user interaction for exploitation.

4.9
Jan 6, 2025

MediaTek V6 DA Out-of-Bounds Write Vulnerability Leading to Local Privilege Escalation

A vulnerability exists in MediaTek's V6 DA due to a missing bounds check, allowing for a possible out-of-bounds write. This issue could lead to local escalation of privilege, but requires physical access to the device and user interaction for exploitation.

4.1
Jan 6, 2025

MediaTek Chipsets Out-of-Bounds Write Vulnerability in Power Component Allowing Privilege Escalation

A vulnerability has been identified in the power component of certain MediaTek chipsets, where a missing bounds check could lead to an out-of-bounds write. This vulnerability allows for local escalation of privilege, but requires that the attacker has already obtained System privileges. The issue does not require user interaction to exploit.

4.2
Jan 6, 2025

MediaTek Chipsets Privilege Escalation Vulnerability in m4u Component

A vulnerability allowing local escalation of privilege has been identified in the m4u component of certain MediaTek chipsets. This issue arises from a possible out-of-bounds write caused by a missing bounds check, which could be exploited if a malicious actor has already gained System privileges. The vulnerability does not require user interaction for exploitation. Affected chipsets include MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8666, MT8667, MT8673, and MT8768. The vulnerability affects several different software versions, including Android 12.0, 13.0, 14.0, and 15.0.

1.0
Jan 6, 2025

Zhenfeng13 My-Blog Unrestricted File Upload Vulnerability

A critical vulnerability allowing unrestricted file uploads has been identified in Zhenfeng13 My-Blog version 1.0. The issue resides in the upload function of the uploadController.java file, where uploaded files are not properly restricted. This flaw enables remote attackers to upload potentially malicious files, such as JSP web shells, which could be executed on the server.

3.6