CVE-2024-0643
published 2024-01-17
CVE-2024-0643: Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload…
Priority: P260, critical, 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.67% (47.3th percentile)
Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cires21 | c21_live_encoder_and_live_mosaic | — | — |
| cires21 | live_encoder | — | — |
CVSS provenance
nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cisa: 8.8 HIGH
GHSA
GHSA-gh84-qgjx-4xm7: Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5
ghsa_unreviewed·2024-01-17
CVE-2024-0643 [CRITICAL] CWE-434 GHSA-gh84-qgjx-4xm7: Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5
CISA
Adobe Flash Player Incorrect Default Permissions Vulnerability
cisa·2024-09-17·CVSS 8.8
CVE-2013-0643 [HIGH] CWE-264 Adobe Flash Player Incorrect Default Permissions Vulnerability
Vulnerability: Adobe Flash Player Incorrect Default Permissions Vulnerability
Affected: Adobe Flash Player
Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.
Required Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Notes: https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2013-0643
Remediation Due Date: 2024-10-08
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-01-17