PT-2026-34240

OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent...

SUSE CVE-2026-26828

A NULL pointer dereference in the daapreplyplaylists function src/httpddaap.c of owntone-server commit 3d1652d allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

OwnTone 安全漏洞

OwnTone is an open-source Linux/FreeBSD DAAP iTunes, MPD Music Player Daemon, and RSP Roku media server. OwnTone has a security vulnerability that stems from a null pointer dereferencing in the daapreplyplaylists function. This vulnerability could allow attackers to cause denial of service by...

EUVD-2009-0029

Malware in sbrugna...

EUVD-2018-10083

Malware in sbrugna...

EUVD-2020-5620

Malware in sbrugna...

EUVD-2023-37254

Malicious code in bioql PyPI...

CVE-2024-58101

Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As a consequence, audio playback takeover or even microphone recording without user consent or notification is achieved. Note: This is considered a low severity...

Linux Distros Unpatched Vulnerability : CVE-2019-15927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function buildaudioprocunit in the file sound/usb/mixer.c...

runofast Indoor Security Camera for Baby Monitor 安全漏洞

runofast Indoor Security Camera for Baby Monitor is a 1080P HD home monitoring device for baby monitoring. A security vulnerability exists in the runofast Indoor Security Camera for Baby Monitor that stems from the default password for the root account being password. this allows access to the...

FakeCalls Vishing Malware Targets South Korean Users via Popular Financial Apps

An Android voice phishing aka vishing malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. "FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its primary aim b...

SUSE CVE-2017-10796

On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264hd.sdp URL...

CVE-2022-28760

Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions...

Zoom On-Premise Meeting Connector 安全漏洞

Zoom On-Premise Meeting Connector is a meeting connector from Zoom USA. A security vulnerability exists in versions prior to Zoom On-Premise Meeting Connector MMR 4.8.20220815.130, which stems from the inclusion of incorrect access control, and can be exploited by an attacker to gain access to...

Unspecified Vulnerability in Mattermost Desktop App (CNVD-2020-41482)

Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App versions prior to 4.0.0 that stems from the program not properly handling the same-origin policy setPermissionRequestHandler. An attacker could exploit the...

CVE-2019-9483

Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door...

CVE-2018-18352

Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page...

Vulnerability Spotlight: Multiple Simple DirectMedia Layer Vulnerabilities

Discovered by Lilith Wyatt of Cisco Talos Overview Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layer's SDL2Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio...

Unspecified Vulnerability in Papenmeier WiFi Baby Monitor Free&Lite

Papenmeier WiFi Baby Monitor Free&Lite is a mobile application for wireless baby monitor from Papenmeier, Germany. A security vulnerability exists in Papenmeier WiFi Baby Monitor Free&Lite. A remote attacker can exploit the vulnerability by sending requests to TCP ports 8258 and 8257 to obtain...

CVE-2017-10796

On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264hd.sdp URL...