9Emin1

**Name of the Vulnerable Software and Affected Versions** Subrion CMS versions 4.1.x through 4.1.5 Subrion CMS versions before 4.2.0 **Description** The issue arises from a logic error in the code, specifically in the ia.core.php file, where the CSRF detection functionality is called too late. This allows for potential attacks, such as those targeting the `query` parameter in the "panel/database" endpoint. **Recommendations** For Subrion CMS versions 4.1.x through 4.1.5, update to version 4.2.0 or later to resolve the issue. For Subrion CMS versions before 4.2.0, update to version 4.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the ia.core.php code and the "panel/database" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.0-616 **Description** The issue is related to a Read Memory Access Violation in the AP4 AtomSampleTable::GetSample function, located in Core/Ap4AtomSampleTable.cpp. This can be exploited by opening a specially crafted .MP4 file. **Recommendations** For Bento4 version 1.5.0-616, consider avoiding the use of the AP4 AtomSampleTable::GetSample function until a patch is available. As a temporary workaround, restrict the opening of .MP4 files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.0-616 **Description** The issue is related to a Write Memory Access Violation vulnerability in the SetItemCount function within the Core/Ap4StscAtom.h file of the Bento4 SDK. This vulnerability can be exploited by opening a specially crafted .MP4 file, potentially allowing the execution of arbitrary code. **Recommendations** For Bento4 version 1.5.0-616, consider avoiding the use of the SetItemCount function in the Core/Ap4StscAtom.h file until a patch is available. As a temporary workaround, restrict the opening of .MP4 files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.0-616 **Description** The issue is related to a Write Memory Access Violation vulnerability in the AP4 StscAtom class. This vulnerability can be exploited by opening a crafted .MP4 file, potentially allowing the execution of arbitrary code. **Recommendations** For Bento4 version 1.5.0-616, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.0-616 **Description** The issue is related to a Write Memory Access Violation vulnerability in the AP4 StssAtom class. This vulnerability can be exploited by opening a crafted .MP4 file, potentially allowing the execution of arbitrary code. **Recommendations** For Bento4 version 1.5.0-616, consider avoiding the use of the AP4 StssAtom class until a patch is available. As a temporary workaround, restrict the opening of .MP4 files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.0-616 **Description** The issue is related to a Read Memory Access Violation vulnerability in the AP4 StszAtom class, located in the Ap4StszAtom.cpp file. This vulnerability can be exploited by opening a specially crafted .MP4 file. **Recommendations** For Bento4 version 1.5.0-616, consider avoiding the use of the AP4 StszAtom class until a patch is available. As a temporary workaround, restrict the opening of .MP4 files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.