ROS-20231016-02
A vulnerability in the libvpx multimedia library is related to incorrect handling of exceptional states when processing certain special-format video data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of...
libvpx: crash related to VP9 encoding in libvpx
A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a w...
The vulnerability of the multimedia library libvpx arises from improper handling of exception states during the processing of certain special format video data. This vulnerability allows attackers to cause service failures.
The vulnerability of the multimedia library libvpx is related to incorrect processing of exception states during the processing of certain special format video data. Exploiting this vulnerability can allow a malicious actor to cause service failures through a specially created HTML page...
SUSE CVE-2015-3334
browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive...
SUSE CVE-2017-7718
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions...
Intel Edge Insights for Industrial Security Vulnerability
Intel Edge Insights for Industrial is a pre-validated, ready-to-deploy software reference design for video and time series data ingestion from Intel Corporation (Intel). A security vulnerability exists in Intel Edge Insights for Industrial prior to version 2.6.1 that stems from improper access...
CVE-2022-29235
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp...
PT-2022-19485 · Unknown · Bigbluebutton
Name of the Vulnerable Software and Affected Versions: BigBlueButton versions 2.2 through 2.3.17; BigBlueButton versions 2.4-rc-1 through 2.4-rc-5. Description: BigBlueButton is an open source web conferencing system. An attacker who is able to obtain the meeting identifier for a meeting on a serve...
av-codec (>=0.1.0 <=0.2.1), av-format (>=0.1.0 <=0.3.0) +3 more potentially affected by CVE-2021-25904 via av-data (>=0.1.0 <=0.2.2)
av-data CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.1 - libaom =0.2.0 - libvpx =0.1.0 Source cves: CVE-2021-25904 Source advisory: OSV:GHSA-352P-RHVQ-7G78...
Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices
Today, Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant’s Red Team in late 2020,...
CVE-2020-25748
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP...
Arbitrary Code Execution
ffmpeg is vulnerable to arbitrary code execution. The vulnerability exists as the studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact...
Lazysizes Cross-Site Scripting Vulnerability
lazysizes is a lightweight inert loader. It is mainly used for delayed loading of content such as images, iframes and scripts. A security vulnerability exists in lazysizes 5.2.0 and earlier versions, which stems from the program's failure to clean up the following attributes: data-vimeo,...
CVE-2020-6769
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded...
Unspecified Vulnerability in Apple iOS and iPadOS Photos Component
Apple iOS is an operating system for mobile devices developed by Apple. A security vulnerability exists in the Photos component of Apple iOS before 13.3 and iPadOS before 13.3. An attacker could exploit the vulnerability to share Live Photo audio and video data even if Live Photo is not enabled...
Improper access control
A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Vide...
PT-2019-18378 · Bosch · Configuration Manager +7
Name of the Vulnerable Software and Affected Versions: Bosch Video Management System (BVMS) versions 9.0 and below; DIVAR IP versions 2000 through 7000; Configuration Manager (affected versions not specified); Building Integration System (BIS) with Video Engine (affected versions not specified); Access...
FFmpeg 4.x < 4.0.4, 4.1.x < 4.1.2 Denial of Service (DoS) Vulnerability
FFmpeg is prone to a denial of service vulnerability. Copyright (C) 2019 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software...
CVE-2019-11339
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data...
CVE-2019-9483
Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door...