Pandora Media, Inc. Security Vulnerabilities

packetstorm

7.4AI Score

2024-06-03 12:00 AM
67
cvelist

7.8CVSS

8.4AI Score

0.068EPSS

2021-10-13 12:27 AM
1
vulnrichment

7.8CVSS

6.8AI Score

0.068EPSS

2021-10-13 12:27 AM
1
osv

Moderate: gstreamer1-plugins-good security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es): gstreamer-plugins-good: integer overflow leading to...

7.6CVSS

6.7AI Score

0.0005EPSS

2024-06-14 01:59 PM
osv

CVE-2023-36088

Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive...

7.5CVSS

7.4AI Score

0.001EPSS

2023-09-01 04:15 PM
12
vulnrichment

CVE-2024-30278 Adobe Media Encoder 2024 TGA File parsing memory corruption

Media Encoder versions 23.6.5, 24.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in...

5.5CVSS

6AI Score

0.001EPSS

2024-06-13 09:34 AM
2
zdt

7.4AI Score

2024-06-04 12:00 AM
67
cvelist

CVE-2024-30278 Adobe Media Encoder 2024 TGA File parsing memory corruption

Media Encoder versions 23.6.5, 24.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in...

5.5CVSS

0.001EPSS

2024-06-13 09:34 AM
4
exploitdb

7.4AI Score

2024-06-03 12:00 AM
33
cvelist

8.6AI Score

0.002EPSS

2020-08-17 07:13 PM
cvelist

7CVSS

8.1AI Score

0.001EPSS

2020-08-17 07:13 PM
cvelist

CVE-2024-38547 media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries

In the Linux kernel, the following vulnerability has been resolved: media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries The allocation failure of mycs->yuv_scaler_binary in load_video_binaries() is followed with a dereference of mycs->yuv_scaler_binary after the...

0.0004EPSS

2024-06-19 01:35 PM
cvelist

8.6AI Score

0.012EPSS

2020-08-17 07:13 PM
cvelist

7.8CVSS

8.6AI Score

0.001EPSS

2020-08-17 07:13 PM
cvelist

7.8CVSS

8.6AI Score

0.001EPSS

2020-08-17 07:13 PM
cvelist

7.8CVSS

8.7AI Score

0.001EPSS

2020-08-17 07:13 PM
debiancve

CVE-2024-39465

In the Linux kernel, the following vulnerability has been resolved: media: mgb4: Fix double debugfs remove Fixes an error where debugfs_remove_recursive() is called first on a parent directory and then again on a child which causes a kernel panic. [hverkuil: added Fixes/Cc...

6.6AI Score

0.0004EPSS

2024-06-25 03:15 PM
2
vulnrichment

CVE-2024-35919 media: mediatek: vcodec: adding lock to protect encoder context list

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect encoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointer within the 'vpu_enc_ipi_handler' function when the ctx_list has been deleted due to an unexpected.....

7.2AI Score

0.0004EPSS

2024-05-19 10:10 AM
cvelist

CVE-2024-36976 Revert "media: v4l2-ctrls: show all owned controls in log_status"

In the Linux kernel, the following vulnerability has been resolved: Revert "media: v4l2-ctrls: show all owned controls in log_status" This reverts commit 9801b5b28c6929139d6fceeee8d739cc67bb2739. This patch introduced a potential deadlock scenario: [Wed May 8 10:02:06 2024] Possible unsafe...

0.0004EPSS

2024-06-18 07:23 PM
3
cvelist

5.5CVSS

7.3AI Score

0.001EPSS

2020-08-17 07:13 PM
1
cvelist

CVE-2024-35919 media: mediatek: vcodec: adding lock to protect encoder context list

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect encoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointer within the 'vpu_enc_ipi_handler' function when the ctx_list has been deleted due to an unexpected.....

6.4AI Score

0.0004EPSS

2024-05-19 10:10 AM
3
nessus

Adobe Media Encoder < 23.6.5 / 24.0.0 < 24.3.0 Arbitrary code execution (APSB24-23) (macOS)

The version of Adobe Media Encoder installed on the remote macOS host is prior to 23.6.5, 24.3.0. It is, therefore, affected by a vulnerability as referenced in the APSB24-23 advisory. Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow ...

7.8CVSS

7.8AI Score

0.001EPSS

2024-04-09 12:00 AM
5
vulnrichment

CVE-2023-52844 media: vidtv: psi: Add check for kstrdup

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: psi: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer...

6.9AI Score

0.0004EPSS

2024-05-21 03:31 PM
1
packetstorm

7.4AI Score

2024-06-03 12:00 AM
55
githubexploit

Exploit for Out-of-bounds Write in Microsoft

CVE-2022-37969 Windows Local Privilege Escalation PoC...

7.8CVSS

8.7AI Score

0.002EPSS

2023-03-09 09:17 PM
463
vulnrichment

CVE-2023-52589 media: rkisp1: Fix IRQ disable race issue

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....

6.8AI Score

0.0004EPSS

2024-03-06 06:45 AM
1
vulnrichment

CVE-2023-52459 media: v4l: async: Fix duplicated list deletion

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix duplicated list deletion The list deletion call dropped here is already called from the helper function in the line before. Having a second list_del() call results in either a warning (with...

6.7AI Score

0.0004EPSS

2024-02-23 02:46 PM
2
cvelist

CVE-2023-52459 media: v4l: async: Fix duplicated list deletion

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix duplicated list deletion The list deletion call dropped here is already called from the helper function in the line before. Having a second list_del() call results in either a warning (with...

5.5AI Score

0.0004EPSS

2024-02-23 02:46 PM
2
cvelist

CVE-2024-5021 WordPress Picture / Portfolio / Media Gallery <= 3.0.1 - Unauthenticated Server-Side Request Forgery

The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

9.3CVSS

0.001EPSS

2024-06-19 03:12 AM
3
cvelist

CVE-2024-35920 media: mediatek: vcodec: adding lock to protect decoder context list

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect decoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointer within the 'vpu_dec_ipi_handler' function when the ctx_list has been deleted due to an unexpected.....

6.4AI Score

0.0004EPSS

2024-05-19 10:10 AM
1
cvelist

CVE-2023-52565 media: uvcvideo: Fix OOB read

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix OOB read If the index provided by the user is bigger than the mask size, we might do an out of bound...

7.7AI Score

0.0004EPSS

2024-03-02 09:59 PM
vulnrichment

CVE-2024-35920 media: mediatek: vcodec: adding lock to protect decoder context list

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect decoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointer within the 'vpu_dec_ipi_handler' function when the ctx_list has been deleted due to an unexpected.....

6.8AI Score

0.0004EPSS

2024-05-19 10:10 AM
1
vulnrichment

CVE-2024-5021 WordPress Picture / Portfolio / Media Gallery <= 3.0.1 - Unauthenticated Server-Side Request Forgery

The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

9.3CVSS

7AI Score

0.001EPSS

2024-06-19 03:12 AM
2
nuclei

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability in admin/inc/navigation.php:126. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based....

6.1CVSS

6.1AI Score

0.001EPSS

2022-10-05 08:01 PM
6
cvelist

CVE-2023-52844 media: vidtv: psi: Add check for kstrdup

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: psi: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer...

6.5AI Score

0.0004EPSS

2024-05-21 03:31 PM
cvelist

CVE-2023-52589 media: rkisp1: Fix IRQ disable race issue

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....

7.6AI Score

0.0004EPSS

2024-03-06 06:45 AM
cvelist

CVE-2024-2328

The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-02 04:52 PM
osv

CVE-2023-36460

Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 3.5.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, attackers using carefully crafted media files can cause Mastodon's media processing code to create arbitrary files at any location. This allows...

9.9CVSS

7.8AI Score

0.004EPSS

2023-07-06 07:15 PM
3
githubexploit

Exploit for CVE-2022-30136

CVE-2022-30136 Windows Network File System Remote exploit PoC...

9.8CVSS

6.9AI Score

0.849EPSS

2023-03-15 10:59 AM
19
mscve

Chromium: CVE-2024-5496 Use after free in Media Session

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more...

6.1AI Score

0.0004EPSS

2024-06-03 06:30 PM
5
wpvulndb

WP Media folder < 5.7.3 - Missing Authorization to Authenticated (Subscriber+) Title Modification

Description: The wp-media-folder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with subscriber access and above, to...

6.5AI Score

0.0004EPSS

2024-05-07 12:00 AM
8
cvelist

CVE-2024-5605 Media Library Assistant <= 3.16 - Authenticated (Contributor+) SQL Injection via order Parameter

The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

8.8CVSS

0.001EPSS

2024-06-20 03:37 AM
6
cvelist

CVE-2024-35717 WordPress Media Slider plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow. This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-10 08:00 AM
4
osv

Moderate: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...

8.8CVSS

6.9AI Score

0.0005EPSS

2024-06-14 01:59 PM
vulnrichment

CVE-2024-20772 Adobe Media Encoder 2024 AI file parsing Stack based buffer overflow

Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

7.8CVSS

7.2AI Score

0.001EPSS

2024-04-10 01:02 PM
1
cvelist

CVE-2024-38611 media: i2c: et8ek8: Don't strip remove function when driver is builtin

In the Linux kernel, the following vulnerability has been resolved: media: i2c: et8ek8: Don't strip remove function when driver is builtin Using __exit for the remove function results in the remove callback being discarded with CONFIG_VIDEO_ET8EK8=y. When such a device gets unbound (e.g. using...

0.0004EPSS

2024-06-19 01:56 PM
1
cvelist

CVE-2024-20772 Adobe Media Encoder 2024 AI file parsing Stack based buffer overflow

Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

7.8CVSS

8AI Score

0.001EPSS

2024-04-10 01:02 PM
githubexploit

Exploit for Improper Privilege Management in Minio

MinIO FIPS Builds MinIO creates FIPS builds using a patched...

9AI Score

2023-03-27 08:53 AM
573
veeam

Bare Metal Recovery Fails With "The requested security package does not exist."

This issue is caused by the WinRE.wim packaged in some early distributions of Server 2022. New Recovery Media must be created using Server 2019 or a newer version of Server...

7.1AI Score

2023-10-31 12:00 AM
20
nessus

Intel Media SDK Multiple Vulnerabilities (INTEL-SA-00935)

The version of Intel Media SDK installed on the remote host is affected by multiple vulnerabilities: Improper input validation in Intel Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. (CVE-2023-48368) Improper buffer...

5.9CVSS

4.9AI Score

0.0004EPSS

2024-05-24 12:00 AM
7
Total number of security vulnerabilities: 327618