admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-10-21 20:03:38 +00:00
parent 2a5a083f30
commit 13d77b92ef
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
11 changed files with 25 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
2020/25xxx/CVE-2020-25820.json
View File

@ -57,15 +57,25 @@
"refsource": "MISC",
"name": "https://www.redteam-pentesting.de/advisories/rt-sa-2020-005"
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7",
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7"
},
{
"url": "https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html",
"refsource": "MISC",
"name": "https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159667/BigBlueButton-2.2.25-File-Disclosure-Server-Side-Request-Forgery.html",
"url": "http://packetstormsecurity.com/files/159667/BigBlueButton-2.2.25-File-Disclosure-Server-Side-Request-Forgery.html"
},
{
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/commit/71fe1eac1e5bd73a2cd44bd79c001086b250e435",
"url": "https://github.com/bigbluebutton/bigbluebutton/commit/71fe1eac1e5bd73a2cd44bd79c001086b250e435"
},
{
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.26...v2.2.27",
"url": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.26...v2.2.27"
}
]
}

2
2020/27xxx/CVE-2020-27603.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "BigBlueButton before 2.2.7 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files."
"value": "BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files."
}
]
},

2
2020/27xxx/CVE-2020-27605.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "BigBlueButton through 2.2.8 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a \"schwache Sandbox.\""
"value": "BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a \"schwache Sandbox.\""
}
]
},

2
2020/27xxx/CVE-2020-27606.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "BigBlueButton before 2.2.8 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
"value": "BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},

2
2020/27xxx/CVE-2020-27607.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In BigBlueButton before 2.2.8 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or transmit it to one or more meeting participants or other third parties."
"value": "In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or transmit it to one or more meeting participants or other third parties."
}
]
},

2
2020/27xxx/CVE-2020-27608.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In BigBlueButton before 2.2.8 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document."
"value": "In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document."
}
]
},

2
2020/27xxx/CVE-2020-27609.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "BigBlueButton through 2.2.8 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant."
"value": "BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant."
}
]
},

2
2020/27xxx/CVE-2020-27610.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The installation procedure in BigBlueButton before 2.2.8 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access."
"value": "The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access."
}
]
},

2
2020/27xxx/CVE-2020-27611.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "BigBlueButton through 2.2.8 uses STUN/TURN resources from a third party, which may represent an unintended endpoint."
"value": "BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint."
}
]
},

2
2020/27xxx/CVE-2020-27612.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Greenlight in BigBlueButton through 2.2.8 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window."
"value": "Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window."
}
]
},

12
2020/27xxx/CVE-2020-27613.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The installation procedure in BigBlueButton before 2.2.17 uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access."
"value": "The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access."
}
]
},
@ -56,16 +56,6 @@
"url": "https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html",
"refsource": "MISC",
"name": "https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html"
},
{
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/commit/fa730b726aa1e0f4601f428ee29830007eea0080",
"url": "https://github.com/bigbluebutton/bigbluebutton/commit/fa730b726aa1e0f4601f428ee29830007eea0080"
},
{
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.16...v2.2.17",
"url": "https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.16...v2.2.17"
}
]
}