195 matches found
CVE-2020-27607
In BigBlueButton before 2.2.28 or earlier, the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or...
Huawei EulerOS: Security Advisory for libvorbis (EulerOS-SA-2018-1105)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for libvorbis (EulerOS-SA-2018-1104)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Unspecified Vulnerability in Apple iOS and iPadOS Photos Component
Apple iOS is an operating system for mobile devices developed by Apple. A security vulnerability exists in the Photos component of Apple iOS before 13.3 and iPadOS before 13.3. An attacker could exploit the vulnerability to share Live Photo audio and video data even if Live Photo is not enabled...
NewStart CGSL CORE 5.04 / MAIN 5.04 : libvorbis Vulnerability (NS-SA-2019-0026)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libvorbis packages installed that are affected by a vulnerability: - An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to...
NewStart CGSL MAIN 4.05 : libvorbis Vulnerability (NS-SA-2019-0122)
The remote NewStart CGSL host, running version MAIN 4.05, has libvorbis packages installed that are affected by a vulnerability: - An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or,...
NewStart CGSL MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0017)
The remote NewStart CGSL host, running version MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enoug...
Improper access control
Yeelight Smart AI Speaker 3.3.100074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user...
CVE-2018-20007
CVE-2018-20007 affects Yeelight Smart AI Speaker version 3.3.10_0074. The vulnerability is due to improper access control over the UART interface, enabling a physical attacker to obtain a root shell and then exfiltrate audio data, read cleartext Wi‑Fi credentials in a log file, or access other se...
openSUSE Security Update : webkit2gtk3 (openSUSE-2019-705)
This update for webkit2gtk3 to version 2.20.5 fixes the following issues : Security issue fixed : - CVE-2018-12911: Fix off-by-one in xdgmimegetsimpleglobs bsc1101999. - CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284:...
CVE-2018-12391
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. Note: this issu...
CVE-2018-12391
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. Note: this issu...
About the security content of iOS 11.4.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
About the security content of tvOS 11.4.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
Mozilla Firefox and Firefox ESR Unauthorized Access Vulnerability
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Firefox ESR is an extended support version of Firefox. A security vulnerability exists in the underlying Android service in Mozilla Firefox versions prior to 63 and Firefox ESR versions prior to 60.3 for...
Mozilla Firefox ESR < 60.3
The version of Firefox ESR installed on the remote Windows host is prior to 60.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-27 advisory. - When manipulating user events in nested loops while opening a document through script, it is possible to trigger a...
CVE-2018-12391
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. Note: this issu...
Apple iOS Information Disclosure Vulnerability (CNVD-2018-14968)
iOS is a mobile operating system developed by Apple Inc. Apple iOS suffers from an information disclosure vulnerability due to a cross-origin access error in the WebKit component that can be exploited by an attacker to obtain audio data...
Apple iTunes Security Updates (HT208933) - Windows
Apple iTunes is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:itunes"; ifdescription...
CVE-2018-5146
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox 59.0.1, Firefox ESR 52.7.2, and Thunderbird 52.7...