BIT-NGINX-INGRESS-CONTROLLER-2022-41742

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...

BIT-NGINX-INGRESS-CONTROLLER-2022-41743

NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttphlsmodule that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when...

SUSE-SU-2023:4360-1 Security update for gstreamer-plugins-bad

This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files bsc1215793...

UBUNTU-CVE-2023-46927

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gfisomusecompactsize gpac/src/isomedia/isomwrite.c:3403:3 in gpac/MP4Box...

CVE-2023-45511

A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

PT-2023-29567 · Tsmuxer · Tsmuxer

Name of the Vulnerable Software and Affected Versions: tsMuxer version git-2539d07 Description: A memory leak in tsMuxer allows attackers to cause a Denial of Service DoS via a crafted MP4 file. Recommendations: For tsMuxer version git-2539d07, consider updating to a newer version that contains a...

CVE-2023-43271

Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols...

The vulnerability of the MXF File Parser component in the Gstreamer multimedia framework allows a hacker to execute arbitrary code.

The vulnerability of the MXF File Parser component in the Gstreamer multimedia framework is related to integer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by loading a specially crafted MFX video file...

Amazon Linux 2 : nginx (ALASNGINX1-2023-001)

The version of nginx installed on the remote host is prior to 1.22.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NGINX1-2023-001 advisory. NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, a...

Low: nginx

Issue Overview: No CVE associated with this advisory Affected Packages: nginx Issue Correction: Run dnf update nginx --releasever 2023.0.20230322 or dnf update --advisory ALAS2023-2023-090 --releasever 2023.0.20230322 to update your system. More information on how to update your system can be fou...

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2023-090)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-090 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks ...

UBUNTU-CVE-2023-1450

A vulnerability was found in MP4v2 2.1.2 and classified as problematic. This issue affects the function DumpTrack of the file mp4trackdump.cpp. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The...

FreeBSD : libde256 -- multiple vulnerabilities (421c0af9-b206-11ed-9fe5-f4a47516fb57)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 421c0af9-b206-11ed-9fe5-f4a47516fb57 advisory. - libde265 v1.0.4 contains a heap buffer overflow in the putepelhvfallback function, which can...

SUSE CVE-2015-1206

Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service unpaged memory write and process crash via a crafted MP4 file...

SUSE CVE-2015-9105

Multiple cross-site scripting XSS vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the 1 file name or 2 collection name of videos...

SUSE CVE-2016-5199

An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

SUSE CVE-2016-8595

The gsmparse function in libavcodec/gsmparser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service assert fault via a crafted AVI file...

SUSE CVE-2017-5037

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer...

SUSE CVE-2017-5837

The gstriffcreateaudiocaps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service floating point exception and crash via a crafted video file...

SUSE CVE-2017-7208

The decoderesidual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service buffer over-read or obtain sensitive information from process memory via a crafted h264 video file...