22 matches found

Cvelist
added yesterday, 19 views

CVE-2026-14330 Pipewire: pulse server alloca stack overflow

Multiple unbounded alloca calls in the PulseAudio protocol server...

CVSS 5.5
Exploits: 0, References: 2
EUVD
added yesterday, 4 views

EUVD-2026-41006

RAOP module accepts unbounded Content-Length values and does not check the pw_array_add return...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 2
SUSE CVE
added 2026/04/23 1:23 a.m., 19 views

SUSE CVE-2026-41457

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVSS 6.9, AI score 5.9, EPSS 0.00274
Exploits: 0, References: 3
EUVD
added 2026/04/22 3:31 a.m., 4 views

EUVD-2026-24587

OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent...

CVSS 8.2, AI score 5.8, EPSS 0.00364
Exploits: 0, References: 4
EUVD
added 2026/04/22 3:31 a.m., 6 views

EUVD-2026-24585

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVSS 6.9, AI score 5.9, EPSS 0.00274
Exploits: 0, References: 3
NVD
added 2026/04/22 3:16 a.m., 9 views

CVE-2026-41457

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVSS 6.9, EPSS 0.00274
Exploits: 0, References: 2
Vulnrichment
added 2026/04/22 1:46 a.m., 3 views

CVE-2026-41457 OwnTone Server < 29.1 SQL Injection via query and filter Parameters

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVSS 6.9, AI score 5.9, EPSS 0.00274
Exploits: 0, References: 2
Cvelist
added 2026/04/22 1:46 a.m., 34 views

CVE-2026-41457 OwnTone Server < 29.1 SQL Injection via query and filter Parameters

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVSS 6.9, EPSS 0.00274
Exploits: 0, References: 2
CNNVD
added 2026/04/22 12:00 a.m., 10 views

OwnTone SQL injection vulnerability

OwnTone is an open-source Linux/FreeBSD DAAP (iTunes), MPD (Music Player Daemon), and RSP (Roku) media server. Versions 28.4 to 29.0 of OwnTone have a SQL injection vulnerability. This vulnerability stems from insufficient sanitization of the query= and filter= parameters during DAAP queries and filter...

CVSS 6.9, AI score 5.9, EPSS 0.00274
Exploits: 0, References: 1
CNNVD
added 2026/04/22 12:00 a.m., 9 views

OwnTone race condition vulnerability

OwnTone is an open-source Linux/FreeBSD DAAP (iTunes), MPD (Music Player Daemon), and RSP (Roku) media server developed by OwnTone. Versions 28.4 to 29.0 of OwnTone have a vulnerability related to concurrency issues. This vulnerability stems from the lack of synchronization when accessing the global DA...

CVSS 8.2, AI score 5.9, EPSS 0.00364
Exploits: 0, References: 1
Vulnrichment
added 2026/03/23 12:00 a.m., 2 views

CVE-2026-26828

A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server commit 3d1652d allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server...

AI score 5.8, EPSS 0.00339
Exploits: 0, References: 3
Positive Technologies
added 2026/03/23 12:00 a.m., 2 views

PT-2026-27146

A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server commit 3d1652d allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server...

CVSS 7.5, AI score 5.8, EPSS 0.00339
Exploits: 0, References: 4
Zero Day Initiative
added 2026/03/10 12:00 a.m., 4 views

Apple macOS Audio APAC Frame Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the decoding of audio...

CVSS 7.8, AI score 6.2, EPSS 0.00254
Exploits: 0, References: 1
SUSE CVE
added 2026/01/22 12:28 a.m., 4 views

SUSE CVE-2025-63648

A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server...

CVSS 7.5, AI score 5.5, EPSS 0.00324
Exploits: 0, References: 3
OSV
added 2026/01/20 9:16 p.m., 4 views

CVE-2025-57156

NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash)...

CVSS 7.5, AI score 5.6
Exploits: 0, References: 3
Cvelist
added 2026/01/20 12:00 a.m., 16 views

CVE-2025-63647

A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server...

EPSS 0.00352
Exploits: 0, References: 3
CVE
added 2026/01/20 12:00 a.m., 13 views

CVE-2025-63647

A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server (commit 334beb) allows a crafted DAAP request to trigger a Denial of Service. The CVE-2025-63647 entry has a CVSS v3.1 base score of 7.5 (HIGH) with network attack vector and low complexity. Multiple vendor...

CVSS 7.5, AI score 5.5, EPSS 0.00352
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-5818

Malware in sbrugna...

CVSS 7.9, AI score 8.1, EPSS 0.01005
Exploits: 1, References: 6
CNNVD
added 2025/09/22 12:00 a.m., 2 views

Sound4 PULSE-ECO AES67 security vulnerability

The Sound4 PULSE-ECO AES67 is a radio station audio processing device from Sound4 France. A security vulnerability exists in the Sound4 PULSE-ECO AES67 version 1.22, which stems from a firmware update mechanism that does not validate the integrity of manual.sh, and could lead to remote code...

CVSS 8.8, AI score 7.8, EPSS 0.00324
Exploits: 1, References: 3
BDU FSTEC
added 2017/09/15 12:00 a.m., 6 views

A vulnerability in the Low Energy Audio Protocol (LEAP) in the iOS operating system allows an attacker to execute arbitrary code.

A vulnerability in the Low Energy Audio Protocol (LEAP) in the iOS operating system exists due to the lack of proper checks on commands sent using LEAP. Exploiting this vulnerability allows a malicious actor to remotely exploit buffer overflows and gain full control over the device...

CVSS 7.9, AI score 7.5, EPSS 0.01005
Exploits: 1, References: 4, Affected Software: 1