Güncel Güvenlik Açıkları

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. Devamını Oku Kaynak: NIST

An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file. Devamını Oku Kaynak: NIST

There is an Assertion `num <= INT_BIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277. Devamını Oku Kaynak: NIST

tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp. Devamını Oku Kaynak: NIST

tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp. Devamını Oku Kaynak: NIST

rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. Devamını Oku Kaynak: NIST

An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file. Devamını Oku Kaynak: NIST

The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system. Devamını Oku Kaynak: NIST

Argus Surveillance DVR v4.0 employs weak password encryption. Devamını Oku Kaynak: NIST

diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage…

Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database. Devamını Oku Kaynak: NIST

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. Devamını Oku Kaynak: NIST