Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type. Date published : 2021-04-21 https://github.com/wikimedia/analytics-quarry-web/commit/4b7e1d6a3a52ec6cf826a971135a38b0f74785d2 https://quarry.wmflabs.org/
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c. Date published : 2021-04-21 https://github.com/gpac/gpac/commit/a4eb327049132359cae54b59faec9e2f14c5a619 https://github.com/gpac/gpac/issues/1660
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c. Date published : 2021-04-21 https://github.com/gpac/gpac/commit/dae9900580a8888969481cd72035408091edb11b https://github.com/gpac/gpac/issues/1659
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c. Date published : 2021-04-21 https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a https://github.com/gpac/gpac/issues/1661
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c. Date published : 2021-04-21 https://github.com/gpac/gpac/commit/b15020f54aff24aaeb64b80771472be8e64a7adc https://github.com/gpac/gpac/issues/1662
The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames...
Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file...
Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security....
An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service. Date published : 2021-04-21 https://github.com/gpac/gpac/commit/ce01bd15f711d4575b7424b54b3a395ec64c1784...
An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. Date published : 2021-04-21 https://github.com/gpac/gpac/commit/093283e727f396130651280609e687cd4778e0d1 https://github.com/gpac/gpac/issues/1564
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service. Date published : 2021-04-21 https://github.com/gpac/gpac/commit/9eeac00b38348c664dfeae2525bba0cf1bc32349...
An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. Date published : 2021-04-21 https://github.com/gpac/gpac/commit/8e05648d6b4459facbc783025c5c42d301fef5c3 https://github.com/gpac/gpac/issues/1568
An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read. Date published : 2021-04-21 https://sourceforge.net/p/giflib/bugs/151/ https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
An issue was discovered in fast_ber through v0.4. yy::yylex() in asn_compiler.hpp has a heap-based buffer over-read. Date published : 2021-04-21 https://github.com/Samuel-Tyler/fast_ber/issues/30