CVE-2026-26340

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of...

FLIR Systems AX8 Cameras Missing Authentication for Critical Function (CVE-2018-25139)

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage. This plugin only wor...

EUVD-2005-4420

Malware in sbrugna...

CVE-2025-9983

GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However these credentials are not required to access the stream. Changing these values does not change camera's behavior. The vendor did not respond in any way. Only...

CVE-2025-9983

The CVE-2025-9983 affects GALAYOU G2 IP cameras, where RTSP streams can be accessed without valid credentials. The issue arises because default credentials are not required to access streams, and changing them does not affect behavior, indicating an authentication bypass in the RTSP service. Affe...

USN-4853-1 liblivemedia vulnerabilities

It was discovered that liveMedia incorrectly handled certain network packets. An attacker could possibly use this issue to execute arbitrary code. CVE-2018-4013 It was discovered that liveMedia incorrectly handled certain network sessions. An attacker could possibly use this issue to cause a deni...

GStreamer Base Plugins: Heap-based buffer overflow

Background A well-groomed and well-maintained collection of GStreamer plug-ins and elements, spanning the range of possible types of elements one would want to write for GStreamer. Description It was discovered that GStreamer Base Plugins did not correctly handle certain malformed RTSP streams...

USN-3958-1: GStreamer Base Plugins vulnerability

It was discovered that GStreamer Base Plugins did not correctly handle certain malformed RTSP streams. If a user were tricked into opening a crafted RTSP stream with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code...

Improper access control

Incorrect access control in the RTSP stream and web portal on all IP cameras based on Hisilicon Hi3510 firmware until Webware version V1.0.1 allows attackers to view an RTSP stream by connecting to the stream with hidden credentials guest or user that are neither displayed nor configurable in the...

VLC Media Player Multiple Vulnerabilities (Mar 2012) - Linux

VLC Media Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

VLC Media Player Multiple Vulnerabilities - Mar 12 (Windows)

This host is installed with VLC Media Player and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbvlcmediaplayermultvulnmar12win.nasl 8174 2017-12-19 12:23:25Z cfischer $ VLC Media Player Multiple Vulnerabilities - Mar 12 Windows Authors: Madhuri D Copyright: Copyright c 20...

Gentoo Security Advisory GLSA 200801-12 (xine-lib)

The remote host is missing updates announced in advisory GLSA 200801-12. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

mplayer & libxine -- MMS and Real RTSP buffer overflow vulnerabilities

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Debian Security Advisory DSA 1472-1 (xine-lib)

The remote host is missing an update to xine-lib announced via advisory DSA 1472-1. OpenVAS Vulnerability Test $Id: deb14721.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1472-1 xine-lib Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

xine-lib: User-assisted execution of arbitrary code

Background xine-lib is the core library package for the xine media player. Description Luigi Auriemma reported that xine-lib does not properly check boundaries when processing SDP attributes of RTSP streams, leading to heap-based buffer overflows. Impact An attacker could entice a user to play...

SuSE 10 Security Update : xine (ZYPP Patch Number 4926)

Specially crafted rtsp-Streams could cause a buffer overflow in xine. Attackers could potentially exploit that to execute arbitrary code. CVE-2008-0225 Additionally a security update of xorg-x11 revealed a bug in xine-ui. The xine user interface didn't display properly due to that. %NASLMINLEVEL...

openSUSE 10 Security Update : xine-devel (xine-devel-4917)

Specially crafted rtsp-Streams could cause a buffer overflow in xine. Attackers could potentially exploit that to execute arbitrary code CVE-2008-0225. Additionally a security update of xorg-x11 revealed a bug in xine-ui. The xine user interface didn't display properly due to that. %NASLMINLEVEL...

Debian DSA-1472-1 : xine-lib - buffer overflow

Luigi Auriemma discovered that the Xine media player library performed insufficient input sanitising during the handling of RTSP streams, which could lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...

CVE-2005-4425

Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service crash via certain RTSP streams...

CVE-2005-4425

Kerio WinRoute Firewall prior to version 6.1.3 is affected by a vulnerability that allows remote attackers to cause a denial of service (crash) via certain RTSP streams. The issue appears in the version range before 6.1.3; exact root cause is not detailed in the provided documents. Public referen...