|
210251
|
7.3 |
HIGH
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-27611
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210252
|
7.5 |
HIGH
Network
|
bigbluebutton
|
bigbluebutton
|
The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block ext…
|
NVD-CWE-noinfo
|
CVE-2020-27610
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210253
|
5.3 |
MEDIUM
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meetin…
|
CWE-863
Incorrect Authorization
|
CVE-2020-27609
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210254
|
6.1 |
MEDIUM
Network
|
bigbluebutton
|
bigbluebutton
|
In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27608
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210255
|
6.5 |
MEDIUM
Network
|
bigbluebutton
|
bigbluebutton
|
In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to …
|
NVD-CWE-noinfo
|
CVE-2020-27607
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210256
|
5.3 |
MEDIUM
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its…
|
NVD-CWE-Other
|
CVE-2020-27606
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210257
|
9.8 |
CRITICAL
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox."
|
NVD-CWE-Other
|
CVE-2020-27605
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210258
|
6.5 |
MEDIUM
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With t…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2020-27604
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210259
|
7.5 |
HIGH
Network
|
bigbluebutton
|
bigbluebutton
|
BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files.
|
NVD-CWE-noinfo
|
CVE-2020-27603
|
2024-11-21 14:21 |
2020-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210260
|
7.5 |
HIGH
Network
|
easy-parse_project
|
easy-parse
|
easy-parse v0.1.1 was discovered to contain a XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.
|
CWE-611
XXE
|
CVE-2020-26710
|
2024-11-21 14:20 |
2023-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
