SUSE CVE-2026-41457

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

SUSE CVE-2026-41458

OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent...

EUVD-2026-24585

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVE-2026-41458

OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent...

CVE-2026-41457

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVE-2026-41458

OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent...

CVE-2026-41458 OwnTone Server < 29.1 Race Condition DoS via DAAP Login

OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent...

CVE-2026-41458 OwnTone Server < 29.1 Race Condition DoS via DAAP Login

OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent...

CVE-2026-41458

OwnTone Server versions 28.4–29.0 are affected by a race condition in the DAAP login handler that allows unauthenticated attackers to crash the server by flooding the /login endpoint due to unsynchronized access to the global DAAP session list. The CVE record indicates a fix in 29.1; upgrade to 2...

CVE-2026-41457 OwnTone Server < 29.1 SQL Injection via query and filter Parameters

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVE-2026-41457

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVE-2026-41457 OwnTone Server < 29.1 SQL Injection via query and filter Parameters

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVE-2026-41457

OwnTone Server (versions 28.4–29.0) contains a SQL injection in DAAP query and filter handling. Malicious values in query= and filter= for integer-mapped DAAP fields bypass filters and may grant unauthorized access to media library data due to insufficient input sanitization. Connected records in...

PT-2026-34239

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

OwnTone SQL注入漏洞

OwnTone is an open-source Linux/FreeBSD DAAP iTunes, MPD Music Player Daemon, and RSP Roku media server. Versions 28.4 to 29.0 of OwnTone have a SQL injection vulnerability. This vulnerability stems from insufficient cleaning of the query= and filter= parameters during DAAP queries and filter...

OwnTone 竞争条件问题漏洞

OwnTone is an open-source Linux/FreeBSD DAAP iTunes, MPD Music Player Daemon, and RSP Roku media server developed by OwnTone. Versions 28.4 to 29.0 of OwnTone have a vulnerability related to concurrency issues. This vulnerability stems from the lack of synchronization when accessing the global DA...

CVE-2025-44560

owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking...

EUVD-2025-209405

owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking...

CVE-2025-44560

owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking...

CVE-2025-44560

owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking...