18 matches found
CVE-2026-34755
A flaw was found in vLLM, an inference and serving engine for large language models. A remote attacker can exploit a vulnerability in the VideoMediaIO.loadbase64 method by sending a single API request containing a large number of comma-separated base64-encoded JPEG frames. This bypasses the...
vLLM 安全漏洞
vLLM is an open-source solution designed for LLM-based models, featuring high throughput and memory-efficient reasoning and service engines. Versions of vLLM prior to 0.7.0 to 0.19.0 contained security vulnerabilities. These vulnerabilities stemmed from the VideoMediaIO.loadbase64 method not...
EUVD-2025-198650
Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to “/alarms//”, where the “MEDIA” parameter can take the value of “snapshot” or “video.mp4”. These media files contain images...
EUVD-2019-2414
Malware in sbrugna...
media: vidtv: Terminating the subsequent process of initialization failure
...
DRUPAL-CONTRIB-2025-092
This module allows you to manage video media items using the COOKiES module disabling external video elements. These elements will be enabled again, once the COOKiES banner is accepted. The module doesn't sufficiently check whether to convert "data-src" attributes to "src" when their value might...
CVE-2019-10610
Possible buffer over read when trying to process SDP message Video media line with frame-size attribute in video Media line in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
tvavicenza.gruppovideomedia.it Cross Site Scripting vulnerability OBB-2654778
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2019-10610
Possible buffer over read when trying to process SDP message Video media line with frame-size attribute in video Media line in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
Buffer overflow
Possible buffer over read when trying to process SDP message Video media line with frame-size attribute in video Media line in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
CVE-2019-10610
Possible buffer over read when trying to process SDP message Video media line with frame-size attribute in video Media line in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
CVE-2019-10610
CVE-2019-10610 affects Qualcomm/Snapdragon video components where a buffer over-read can occur while parsing an SDP video media line with a frame-size attribute. Affected products include a wide range of Snapdragon Auto/Compute/IoT platforms (APQ/MDM/SC/SDM lines). The root cause is an over-read ...
WordPress S3 Video Remote Shell Upload
Exploit Title : Wordpress S3 Video Plugin file upload Author : Manish Kishan Tanwar AKA error1046 Vendor Link : http://plugins.svn.wordpress.org/s3-video/tags/0.91/ Affected Version: below version 0.91 Date : 9/12/2015 Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Sin...
DEBIAN-CVE-2012-0023
Double free vulnerability in the getchunkheader function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted TiVo TY file...
DEBIAN-CVE-2012-0885
chansip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the ressrtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted SDP message with a crypto attribu...
Null pointer dereference
chansip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the ressrtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted SDP message with a crypto attribu...
CVE-2012-0885
chansip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the ressrtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted SDP message with a crypto attribu...
Apple QuickTime多个远程缓冲区溢出漏洞
Apple QuickTime是一款流行的多媒体播放器,支持多种媒体格式。 QuickTime在处理各种媒体格式时存在多个缓冲区溢出漏洞,远程攻击者可能利用这些漏洞通过诱使用户打开处理畸形媒体文件控制用户机器。 具体条目如下: QuickTime处理3GP视频文件时存在整数溢出。如果用户受骗打开了恶意的电影的话,就会触发这个溢出,导致拒绝服务或执行任意代码。(CVE-2007-0711) QuickTime处理MIDI文件时存在堆溢出。如果用户受骗打开了恶意的MIDI文件的话,就会触发这个溢出,导致拒绝服务或执行任意代码。(CVE-2007-0712)...