|
2401
|
9.8 |
CRITICAL
Network
gstreamer_project
debian
|
gstreamer
debian_linux
|
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability …
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2024-47606
|
2024-12-19 06:35 |
2024-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2402
|
7.5 |
HIGH
Network
gstreamer_project
|
gstreamer
|
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matro…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-47603
|
2024-12-19 06:28 |
2024-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2403
|
7.5 |
HIGH
Network
gstreamer_project
|
gstreamer
|
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within mat…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-47602
|
2024-12-19 06:27 |
2024-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2404
|
- |
|
-
|
-
|
Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the `security.checkOrigin` configura…
|
CWE-352
Origin Validation Error
|
CVE-2024-56140
|
2024-12-19 06:15 |
2024-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2405
|
- |
|
-
|
-
|
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
|
-
|
CVE-2024-45338
|
2024-12-19 06:15 |
2024-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2406
|
- |
|
-
|
-
|
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site …
|
-
|
CVE-2024-12686
|
2024-12-19 06:15 |
2024-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2407
|
- |
|
-
|
-
|
Misskey is an open source, federated social media platform.In affected versions missing validation in `NoteCreateService.insertNote`, `ApPersonService.createPerson`, and `ApPersonService.updatePerson…
|
CWE-20
Improper Input Validation
|
CVE-2024-52593
|
2024-12-19 05:15 |
2024-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2408
|
- |
|
-
|
-
|
Misskey is an open source, federated social media platform. In affected versions missing validation in `ApInboxService.update` allows an attacker to modify the result of polls belonging to another us…
|
CWE-20
Improper Input Validation
|
CVE-2024-52592
|
2024-12-19 05:15 |
2024-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2409
|
- |
|
-
|
-
|
Misskey is an open source, federated social media platform. Some APIs using `HttpRequestService` do not properly check the target host. This vulnerability allows an attacker to send POST or GET reque…
|
CWE-20
CWE-918
Improper Input Validation
Server-Side Request Forgery (SSRF)
|
CVE-2024-52579
|
2024-12-19 05:15 |
2024-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2410
|
- |
|
-
|
-
|
Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet` and `HttpRequestService.getActivityJson` allows an attacker to crea…
|
CWE-20
Improper Input Validation
|
CVE-2024-52591
|
2024-12-19 05:15 |
2024-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
