HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14. Date published : 2021-04-20 https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 https://www.hashicorp.com/blog/category/consul
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. Date published : 2021-04-20 https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28&locale=zh
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to...
A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in...
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. Date published : 2021-04-19 https://www.debian.org/security/2021/dsa-4900 http://packetstormsecurity.com/files/162952/Gstreamer-Matroska-Demuxing-Use-After-Free.html
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. Date published : 2021-04-19 https://www.debian.org/security/2021/dsa-4900 https://bugzilla.redhat.com/show_bug.cgi?id=1945339
The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Date published : 2021-04-19 https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50 https://github.com/gpac/gpac/issues/1738
The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command. Date published : 2021-04-19 https://github.com/gpac/gpac/commit/cd3738dea038dbd12e603ad48cd7373ae0440f65 https://github.com/gpac/gpac/issues/1737
The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Date published : 2021-04-19 https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9 https://github.com/gpac/gpac/issues/1736
The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Date published : 2021-04-19 https://github.com/gpac/gpac/commit/3b84ffcbacf144ce35650df958432f472b6483f8 https://github.com/gpac/gpac/issues/1735
The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Date published : 2021-04-19 https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e https://github.com/gpac/gpac/issues/1706
The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. Date published : 2021-04-19 https://github.com/gpac/gpac/commit/87afe070cd6866df7fe80f11b26ef75161de85e0 https://github.com/gpac/gpac/issues/1734
Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. Date published : 2021-04-19 https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e https://github.com/gpac/gpac/issues/1705
Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. Date published : 2021-04-19 https://github.com/gpac/gpac/commit/758135e91e623d7dfe7f6aaad7aeb3f791b7a4e5 https://github.com/gpac/gpac/issues/1733