29 matches found
CVE-2026-41127
BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions Version 3.0.24 tightened the permissions on who is able to submit captions. No known workarounds are available...
BigBlueButton 输入验证错误漏洞
BigBlueButton is an open-source web conferencing system developed by the BigBlueButton community. Versions of BigBlueButton prior to 3.0.24 contained a vulnerability related to input validation errors. This vulnerability stemmed from an open redirection issue in the get-parameter and logoutURL...
CVE-2026-41127
BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions Version 3.0.24 tightened the permissions on who is able to submit captions. No known workarounds are available...
CVE-2026-41127 BigBlueButton's missing authorization allows viewer to inject/overwrite captions
BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions Version 3.0.24 tightened the permissions on who is able to submit captions. No known workarounds are available...
CVE-2026-41127 BigBlueButton's missing authorization allows viewer to inject/overwrite captions
BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions Version 3.0.24 tightened the permissions on who is able to submit captions. No known workarounds are available...
CVE-2026-41126 BigBlueButton has Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL"
BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds...
PT-2026-34218
Name of the Vulnerable Software and Affected Versions BigBlueButton versions prior to 3.0.24 Description A missing authorization allows viewers to inject or overwrite captions. Recommendations Update to version 3.0.24...
EUVD-2025-203849
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function grayscaleconvert is called base...
@achinet/nestjs-async (>=0.0.1 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +89 more potentially affected by unknown CVE via @asyncapi/openapi-schema-parser (=3.0.24)
@asyncapi/openapi-schema-parser NPM version =3.0.24 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/openapi-schema-parser and may be impacted: - @achinet/nestjs-async =0.0.1, =3.0.0, =0.2.44, =4.1.3, =0.7.1, =0.9.0, =1.10.0, =0.2.0, =0.1.0,...
openSUSE Security Update : privoxy (openSUSE-2016-130)
This update to Privoxy 3.0.24 fixes two minor security issues. The vulnerabilities should not be exploitable in the binary as compiled in openSUSE. - CVE-2016-1982: Corrupt chunk-encoded content could cause an invalid read boo963151 - CVE-2016-1983: Empty Host headers in client requests could...
CVE-2016-1982
The removechunkedtransfercoding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service invalid read and crash via crafted chunk-encoded content...
Samba 3.0.24 lsa_io_trans_names 堆溢出漏洞
No description provided by source...
Samba 3.0.24 lsa_io_trans_names 堆溢出漏洞
No description provided by source...
Samba 3.0.21-3.0.24 - LSA trans names Heap Overflow
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
Samba lsa_io_trans_names Heap Overflow
No description provided by source. $Id: lsatransnamesheap.rb 9021 2010-04-05 23:34:10Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Samba 3.0.24 (Linux) - 'lsa_io_trans_names' Heap Overflow (Metasploit)
$Id: lsatransnamesheap.rb 9828 2010-07-14 17:27:23Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
Samba lsa_io_trans_names Heap Overflow
This module triggers a heap overflow in the LSA RPC service of the Samba daemon. This module uses the TALLOC chunk overwrite method credit Ramon and Adriano, which only works with Samba versions 3.0.21-3.0.24. Additionally, this module will not work when the Samba "log level" parameter is higher...
Gentoo Security Advisory GLSA 200705-15 (samba)
The remote host is missing updates announced in advisory GLSA 200705-15. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Debian DSA-1590-1 : samba - buffer overflow
Alin Rad Pop discovered that Samba contained a buffer overflow condition when processing certain responses received while acting as a client, leading to arbitrary code execution CVE-2008-1105 . %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
Debian Security Advisory DSA 1409-1 (samba)
The remote host is missing an update to samba announced via advisory DSA 1409-1. OpenVAS Vulnerability Test $Id: deb14091.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1409-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...