Jellyfin-web is the web client for Jellyfin, a free-software media system. In vidtv_stop_streaming, after dvb->mux=NULL occurs, it executes vidtv_mux_stop_thread(dvb->mux). There is a NULL pointer dereference in vidtv_mux_stop_thread. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process. An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names). Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helper plugin sem) is called. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Social-media-skeleton is an uncompleted social media project. Successful exploitation of this vulnerability may cause unauthorized access. Vulnerability of configuration defects in the media module of certain products. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. Social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. There are no known workarounds for this vulnerability. This has been addressed in version 1.0.5 and all users are advised to upgrade. Prior to version 1.0.5 Social media skeleton did not properly restrict CSRF attacks.
This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do. Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript, and HTML. There are no known workarounds for this issue. This issue has been addressed in version 1.0.5 and users are advised to upgrade. Prior to version 1.0.5 Social media skeleton did not properly salt passwords, leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords. Social media skeleton releases prior to 1.0.5 did not properly manage user session lifecycles. Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. The associated identifier of this vulnerability is VDB-236183. It is recommended to upgrade the affected component. The exploit has been disclosed to the public and may be used. The manipulation leads to cross site scripting. This issue affects some unknown processing of the file /web/. A vulnerability was found in Media Browser Emby Server 4.7.13.0 and classified as problematic.