|
247101
|
5.5 |
MEDIUM
Local
|
axiosys
|
bento4
|
There exists one NULL pointer dereference vulnerability in AP4_JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 fil…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-14543
|
2024-11-21 12:49 |
2018-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247102
|
9.8 |
CRITICAL
Network
|
axiosys
|
bento4
|
An issue was discovered in Bento4 1.5.1-624. There is a heap-based buffer over-read in AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp after a call from Mp42Hls.cpp, a related issue …
|
CWE-125
Out-of-bounds Read
|
CVE-2018-14532
|
2024-11-21 12:49 |
2018-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247103
|
9.8 |
CRITICAL
Network
|
axiosys
|
bento4
|
An issue was discovered in Bento4 1.5.1-624. There is an unspecified "heap-buffer-overflow" crash in the AP4_HvccAtom class in Core/Ap4HvccAtom.cpp.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-14531
|
2024-11-21 12:49 |
2018-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247104
|
6.1 |
MEDIUM
Network
|
xiao5ucompany_project
|
xiao5ucompany
|
Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements).
|
CWE-79
Cross-site Scripting
|
CVE-2018-14527
|
2024-11-21 12:49 |
2018-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247105
|
6.5 |
MEDIUM
Network
|
gnu
|
libredwg
|
dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.
|
CWE-415
Double Free
|
CVE-2018-14524
|
2024-11-21 12:49 |
2018-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247106
|
8.8 |
HIGH
Network
|
aubio
opensuse
suse
|
aubio
leap
linux_enterprise
|
An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-14523
|
2024-11-21 12:49 |
2018-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247107
|
8.8 |
HIGH
Network
|
aubio
opensuse
suse
|
aubio
leap
linux_enterprise
|
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-14522
|
2024-11-21 12:49 |
2018-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247108
|
8.8 |
HIGH
Network
|
aubio
|
aubio
|
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-14521
|
2024-11-21 12:49 |
2018-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247109
|
6.1 |
MEDIUM
Network
|
seacms
|
seacms
|
SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14517
|
2024-11-21 12:49 |
2018-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247110
|
9.8 |
CRITICAL
Network
|
wuzhi_cms_project
|
wuzhi_cms
|
A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter.
|
CWE-89
SQL Injection
|
CVE-2018-14515
|
2024-11-21 12:49 |
2018-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
