Security Vulnerabilities - CVEs Published In November 2024
A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-11-29
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-11-29
Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-11-29
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory.
CVSS Score
9.8
EPSS Score
0.0
Published
2024-11-29
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-11-29
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-11-29
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.
CVSS Score
9.1
EPSS Score
0.002
Published
2024-11-29
FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer
CVSS Score
9.1
EPSS Score
0.002
Published
2024-11-29
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-11-29
An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-11-29