20 matches found

SUSE CVE
added 2026/04/23 1:23 a.m. | 1 view

SUSE CVE-2026-41457

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVSS 6.9 | AI score 5.9 | EPSS 0.00052
Exploits: 0 | References: 3

EUVD
added 2026/04/22 3:31 a.m. | 1 view

EUVD-2026-24587

OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent...

CVSS 8.2 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 4

EUVD
added 2026/04/22 3:31 a.m. | 2 views

EUVD-2026-24585

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVSS 6.9 | AI score 5.9 | EPSS 0.00052
Exploits: 0 | References: 3

NVD
added 2026/04/22 3:16 a.m. | 1 view

CVE-2026-41457

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVSS 6.9 | EPSS 0.00052
Exploits: 0 | References: 2

Cvelist
added 2026/04/22 1:46 a.m. | 26 views

CVE-2026-41457 OwnTone Server < 29.1 SQL Injection via query and filter Parameters

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVSS 6.9 | EPSS 0.00052
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/22 1:46 a.m. | 1 view

CVE-2026-41457 OwnTone Server < 29.1 SQL Injection via query and filter Parameters

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVSS 6.9 | AI score 5.9 | EPSS 0.00052
Exploits: 0 | References: 2

CNNVD
added 2026/04/22 12:00 a.m. | 5 views

OwnTone SQL Injection Vulnerability

OwnTone is an open-source Linux/FreeBSD DAAP (iTunes), MPD (Music Player Daemon), and RSP (Roku) media server. Versions 28.4 to 29.0 of OwnTone have a SQL injection vulnerability. This vulnerability stems from insufficient sanitization of the query= and filter= parameters during DAAP queries and filter...

CVSS 6.9 | AI score 5.9 | EPSS 0.00052
Exploits: 0 | References: 1

CNNVD
added 2026/04/22 12:00 a.m. | 4 views

OwnTone Race Condition Vulnerability

OwnTone is an open-source Linux/FreeBSD DAAP (iTunes), MPD (Music Player Daemon), and RSP (Roku) media server developed by OwnTone. Versions 28.4 to 29.0 of OwnTone have a race condition vulnerability. This vulnerability stems from the lack of synchronization when accessing the global DA...

CVSS 8.2 | AI score 5.9 | EPSS 0.00354
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/23 12:00 a.m. | 1 view

CVE-2026-26828

A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server (commit 3d1652d) allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server...

AI score 5.8 | EPSS 0.00056
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/23 12:00 a.m. | 1 view

PT-2026-27146

A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server (commit 3d1652d) allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server...

CVSS 7.5 | AI score 5.8 | EPSS 0.00056
Exploits: 0 | References: 4

Zero Day Initiative
added 2026/03/10 12:00 a.m. | 1 view

Apple macOS Audio APAC Frame Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the decoding of audio...

CVSS 7.8 | AI score 6.2 | EPSS 0.00014
Exploits: 0 | References: 1

SUSE CVE
added 2026/01/22 12:28 a.m. | 2 views

SUSE CVE-2025-63648

A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server (commit b7e385f) allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server...

CVSS 7.5 | AI score 5.5 | EPSS 0.00119
Exploits: 0 | References: 3

OSV
added 2026/01/20 9:16 p.m. | 1 view

CVE-2025-57156

NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash)...

CVSS 7.5 | AI score 5.6
Exploits: 0 | References: 3

CVE
added 2026/01/20 12:00 a.m. | 9 views

CVE-2025-63647

A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server (commit 334beb) allows a crafted DAAP request to trigger a Denial of Service. The CVE-2025-63647 entry has a CVSS v3.1 base score of 7.5 (HIGH) with network attack vector and low complexity. Multiple vendor...

CVSS 7.5 | AI score 5.5 | EPSS 0.00128
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/01/20 12:00 a.m. | 14 views

CVE-2025-63647

A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server (commit 334beb) allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server...

EPSS 0.00128
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-5818

Malware in sbrugna...

CVSS 7.9 | AI score 8.1 | EPSS 0.0078
Exploits: 1 | References: 6

CNNVD
added 2025/09/22 12:00 a.m. | 1 view

Sound4 PULSE-ECO AES67 Security Vulnerability

The Sound4 PULSE-ECO AES67 is a radio station audio processing device from Sound4 France. A security vulnerability exists in the Sound4 PULSE-ECO AES67 version 1.22, which stems from a firmware update mechanism that does not validate the integrity of manual.sh, and could lead to remote code...

CVSS 8.8 | AI score 7.8 | EPSS 0.00167
Exploits: 1 | References: 3

BDU FSTEC
added 2017/09/15 12:00 a.m. | 2 views

Vulnerability in the Low Energy Audio Protocol (LEAP) of the iOS operating system allowing an attacker to execute arbitrary code

The vulnerability in the Low Energy Audio Protocol (LEAP) of the iOS operating system exists due to the lack of proper checks on commands sent using LEAP. Exploiting this vulnerability allows a malicious actor to remotely exploit buffer overflows and gain full control over the device...

CVSS 7.9 | AI score 7.5 | EPSS 0.0078
Exploits: 1 | References: 4 | Affected Software: 1

CNVD
added 2017/09/13 12:00 a.m. | 2 views

Apple Bluetooth LEAP and Apple TV Heap Buffer Overflow Vulnerability

Low-Energy Audio Protocol (LEAP) is a protocol designed to transmit audio streams to low-energy audio peripherals such as low-energy headphones or the Siri Remote. Apple TV is a high-definition television set-top box product from Apple, which allows users to watch television programs online via Apple TV ...

CVSS 7.9 | AI score 8.1 | EPSS 0.0078
Exploits: 1 | References: 1

OSV
added 2017/09/12 3:29 p.m. | 1 view

CVE-2017-14315

In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attack...

CVSS 7.5 | AI score 7.3
Exploits: 0 | References: 5