Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

CVE-2022-22990: WDC-22002 My Cloud OS 5 Firmware 5.19.117 | Western Digital

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts.

CVE
Open in Source
#vulnerability#debian#dos#git#php#rce#samba#auth#zero_day
CVE-2022-22991: WDC-22002 My Cloud OS 5 Firmware 5.19.117 | Western Digital

A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP.

CVE-2022-22988: WDC-22003 EdgeRover Desktop App Version 1.5.0-576 | Western Digital

File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources.

CVE-2021-40574: System abort (Core dumped) caused by buffer overflow using MP4Box in gf_text_get_utf8_line · Issue #1897 · gpac/gpac

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

CVE-2021-40572: Segmentation fault caused by double free using mp4box in av1dmx_finalize, reframe_av1.c:1075 · Issue #1893 · gpac/gpac

The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.

CVE-2021-40576: fixed #1904 · gpac/gpac@ad18ece

The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.c, which allows attackers to cause a denial of service.

CVE-2021-40575: Segmentation fault casued by null pointer dereference using mp4box in mpgviddmx_process, reframe_mpgvid.c:643 · Issue #1905 · gpac/gpac

The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566.

CVE-2021-40571: fixed #1895 · gpac/gpac@a69b567

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

CVE-2021-40570: fixed #1899 · gpac/gpac@04dbf08

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

CVE-2021-40567: fixed #1885 · gpac/gpac@f5a038e

Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service.