153 matches found
CVE-2025-70116
A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields e.g., codec/mime/profile strings. gfmediamapesd then calls strlen on a NULL pointer, triggering a crash ASan SEGV...
CVE-2025-70116
A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields e.g., codec/mime/profile strings. gfmediamapesd then calls strlen on a NULL pointer, triggering a crash ASan SEGV...
CVE-2025-70116
A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields e.g., codec/mime/profile strings. gfmediamapesd then calls strlen on a NULL pointer, triggering a crash ASan SEGV...
CVE-2025-70116
A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields e.g., codec/mime/profile strings. gfmediamapesd then calls strlen on a NULL pointer, triggering a crash ASan SEGV...
Ubuntu 25.10 : GStreamer Good Plugins vulnerability (USN-8285-1)
The remote Ubuntu 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8285-1 advisory. It was discovered that GStreamer Good Plugins incorrectly handled certain MOV/MP4 media files. A remote attacker could use this issue to cause GStreamer Good Plugins ...
Oracle Linux 9 : nginx (ELSA-2026-18029)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18029 advisory. - Resolves: RHEL-176230 - nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 - Resolves: RHEL-159557 - CVE-2026-27654 nginx: NGINX: Denial of...
nginx:1.24 security update
1.24.0-3.0.1.1 - Remove Red Hat references Orabug: 29498217 1:1.24.0-3.1 - Resolves: RHEL-176224 - nginx:1.24/nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 1:1.24.0-3 - Resolves: RHEL-157877 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of Service or Code Execution via...
nginx security update
2:1.20.1-24.0.1.el97.3 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 - Update upstream references Orabug: 36579090 2:1.20.1-24.3 - Resolves: RHEL-176230 - nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 2:1.20.1-24.2...
nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files
A flaw was found in NGINX's ngxhttpmp4module. This Out-of-Bounds Read/Write vulnerability occurs due to improper handling of specially crafted MP4 files. A local authenticated attacker, by supplying a malicious MP4 file, can trigger a buffer over-read or overwrite in worker memory. This can lead ...
NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file
A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...
CLSA-2026-1778142227 nginx: Fix of 2 CVEs
CVE-2026-27651: fix null pointer dereference in ngxmailauthhttpmodule when authentication retry is enabled with CRAM-MD5 or APOP - CVE-2026-32647: fix buffer over-read/write in ngxhttpmp4module when processing crafted mp4 files with empty stco/co64 atoms...
RHEL 9 : nginx (RHSA-2026:14836)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14836 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...
Important: Red Hat Security Advisory: nginx security update
An update for nginx is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RHEL 10 : nginx (RHSA-2026:13634)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13634 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...
nginx:1.26 security update
2:1.26.3-2.0.1.1 - Require oracle-indexhtml 2:1.26.3-6 - Resolves: RHEL-157887 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 2:1.26.3-5 - Resolves: RHEL-159446 - CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of Service via undisclos...
RLSA-2026:6906 Important: nginx security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...
nginx security update
An update is available for nginx. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other protocols, with a...
nginx:1.24 security update
An update is available for module.nginx, nginx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other...
RLSA-2026:6923 Important: nginx:1.24 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...
Important: nginx security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...