CVSS: 8.5EPSS: 0%CPEs: 14EXPL: 0CVE-2023-51794
https://notcve.org/view.php?id=CVE-2023-51794
26 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.N113007-g8d24a28d06 permite a un atacante local ejecutar código arbitrario a través de libavfilter/af_stereowiden.c:120:69. • https://trac.ffmpeg.org/ticket/10746 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2024-23271 – webkitgtk: A malicious website may cause unexpected cross-origin behavior
https://notcve.org/view.php?id=CVE-2024-23271
24 Apr 2024 — A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior. Se solucionó un problema de lógica con controles mejorados. Este problema se solucionó en iOS 17.3 y iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. • https://support.apple.com/en-us/HT214055 • CWE-284: Improper Access Control CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2023-49502
https://notcve.org/view.php?id=CVE-2023-49502
19 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.n6.1-3-g466799d4f5 permite a un atacante local ejecutar código arbitrario a través de la función ff_bwdif_filter_intra_c en el componente libavfilter/bwdifdsp.c:125:5. • https://github.com/FFmpeg/FFmpeg • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2023-50010
https://notcve.org/view.php?id=CVE-2023-50010
19 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the set_encoder_id function in /fftools/ffmpeg_enc.c component. Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.n6.1-3-g466799d4f5 permite a un atacante local ejecutar código arbitrario a través de la función set_encoder_id en el componente /fftools/ffmpeg_enc.c. • https://ffmpeg.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-31744
https://notcve.org/view.php?id=CVE-2024-31744
19 Apr 2024 — In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file. En Jasper 4.2.2, la función jpc_streamlist_remove en src/libjasper/jpc/jpc_dec.c:2407 tiene una vulnerabilidad de falla de aserción, lo que permite a los atacantes provocar un ataque de denegación de servicio a través de un archivo de imagen específico. • https://github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5 • CWE-617: Reachable Assertion •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2023-51793
https://notcve.org/view.php?id=CVE-2023-51793
19 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane. Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.N113007-g8d24a28d06 permite a un atacante local ejecutar código arbitrario a través de libavutil/imgutils.c:353:9 en image_copy_plane. • https://ffmpeg.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-51798
https://notcve.org/view.php?id=CVE-2023-51798
19 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate. Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.N113007-g8d24a28d06 permite a un atacante local ejecutar código arbitrario a través de un error de excepción de punto flotante (FPE) en libavfilter/vf_minterpolate.c:1078:60 en interpolación. • https://ffmpeg.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.6EPSS: 0%CPEs: 19EXPL: 0CVE-2023-50186 – GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-50186
19 Apr 2024 — GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of metadata within AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data ... • https://gstreamer.freedesktop.org/security/sa-2023-0011.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 7.1EPSS: 0%CPEs: 27EXPL: 0CVE-2023-3758 – Sssd: race condition during authorization leads to gpo policies functioning inconsistently
https://notcve.org/view.php?id=CVE-2023-3758
18 Apr 2024 — A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. Se encontró una falla en la condición de ejecución en sssd donde la política de GPO no se aplica de manera consistente para los usuarios autenticados. Esto puede dar lugar a problemas de autorización inapropiados, otorgando o denegando acceso a recursos de manera inapropiada. • https://access.redhat.com/errata/RHSA-2024:1919 • CWE-285: Improper Authorization CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.0EPSS: 0%CPEs: 14EXPL: 0CVE-2024-31578
https://notcve.org/view.php?id=CVE-2024-31578
17 Apr 2024 — FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. Se descubrió que la versión n6.1.1 de FFmpeg contenía un heap use-after-free a través de la función av_hwframe_ctx_init. • https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179 • CWE-416: Use After Free •