Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. Date published : 2021-05-26 https://trac.ffmpeg.org/ticket/8240 https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html
Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service. Date published : 2021-05-26 http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765 https://trac.ffmpeg.org/ticket/8239
Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service. Date published : 2021-05-26 https://trac.ffmpeg.org/ticket/8241
Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary...
Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. Date published : 2021-05-26 https://github.com/typora/typora-issues/issues/2204
Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp. Date published : 2021-05-26 https://swupdate.openvpn.net/downloads/privatetunnel/changelog.txt
An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges. Date...
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync. Date published...
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem’s documented behavior of using Marshal.load during XML document processing. Date published : 2021-05-25 https://github.com/PixarAnimationStudios/ruby-jss/blob/e6d48dd8c77f9275c76787d60d3472615fcd9b77/CHANGES.md#160—2021-05-24 https://github.com/patsplat/plist/tree/ce8f9ae42a114f603ea200c955e420782bffc4ad#label-Security+considerations
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has...
Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:///...
A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation. Date...
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been...
Github’s CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing...