Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a security vulnerability, which was caused by improper implementation of the Media component. This vulnerability could allow remote attackers to bypass the origin policy using...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.179 contained a security vulnerability caused by GFX type confusion, which could allow remote attackers to achieve sandbox escape through specially crafted video files...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability caused by Codecs integer overflow. This vulnerability could allow remote attackers to exploit the system through specially crafted video files, resulting in...

nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files

A flaw was found in NGINX's ngxhttpmp4module. This Out-of-Bounds Read/Write vulnerability occurs due to improper handling of specially crafted MP4 files. A local authenticated attacker, by supplying a malicious MP4 file, can trigger a buffer over-read or overwrite in worker memory. This can lead ...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a buffer overflow vulnerability. This vulnerability stemmed from excessive reading by WebCodecs, which could allow remote attackers to execute out-of-bound memory reads through...

AlmaLinux 9 : nginx:1.26 (ALSA-2026:7343)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7343 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification via...

Google Chrome Codecs Component Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome Codecs component, which can be exploited by an attacker to gain out-of-bounds memory access via specially crafted video files...

CVE-2026-6362

CVE-2026-6362 involves a memory safety defect in Google Chrome’s Codecs component (Chromium). A use-after-free in Codecs could enable a remote attacker to cause out-of-bounds memory access by parsing a specially crafted video file. The issue affects Chrome/Chromium releases prior to the patched b...

RLSA-2026:6907 Important: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

RHEL 9 : nginx (RHSA-2026:7002)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7002 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files

A flaw was found in NGINX's ngxhttpmp4module. This Out-of-Bounds Read/Write vulnerability occurs due to improper handling of specially crafted MP4 files. A local authenticated attacker, by supplying a malicious MP4 file, can trigger a buffer over-read or overwrite in worker memory. This can lead ...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability caused by Media integer overflow. This vulnerability could allow remote attackers to exploit heap corruption through specially crafted video...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability caused by Media integer overflow. This vulnerability could allow remote attackers to exploit heap corruption through specially crafted video...

Important: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability due to insufficient Media data validation. This vulnerability could allow remote attackers to perform out-of-bound memory reads through specially crafted vid...

ALSA-2026:6906 Important: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability caused by Media integer overflow. This vulnerability could allow remote attackers to exploit heap corruption through specially crafted video...

nginx security update

2:1.26.3-2.0.1.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 2:1.26.3-6 - Resolves: RHEL-157874 CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 2:1.26.3-5 - Resolves: RHEL-159433 CVE-2026-27651 nginx: NGINX: Denial of Service via...

CVE-2019-25645 WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service

WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function ...

CVE-2019-25617

The CVE-2019-25617 entry involves Ease Audio Converter 5.30, specifically the Audio Cutter function. A crafted MP4 file with an oversized buffer can be loaded via the Audio Cutter interface, enabling a local attacker to crash the application (denial of service). The issue is described as a local,...