Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigbluebutton bigbluebutton vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-23488
BigBlueButton is an open source web conferencing system. Versions before 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an malicious user to subscribe to viewers...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
NA
CVE-2022-23490
BigBlueButton is an open source web conferencing system. Versions before 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the ...
Bigbluebutton Bigbluebutton
NA
CVE-2022-41964
BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the...
Bigbluebutton Bigbluebutton 2.4
NA
CVE-2022-41963
BigBlueButton is an open source web conferencing system. Versions before 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by malicious users to take actions in the few seconds after their access is revoked. The at...
Bigbluebutton Bigbluebutton
NA
CVE-2022-41961
BigBlueButton is an open source web conferencing system. Versions before 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remainin...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
NA
CVE-2022-41962
BigBlueButton is an open source web conferencing system. Versions before 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should on...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
NA
CVE-2022-41960
BigBlueButton is an open source web conferencing system. Versions before 2.4.3, are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to `validateAuthToken` using a victim's userId, meetingId, and an...
Bigbluebutton Bigbluebutton
NA
CVE-2020-27601
In BigBlueButton prior to 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.
Bigbluebutton Bigbluebutton
NA
CVE-2020-27602
BigBlueButton prior to 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.
Bigbluebutton Bigbluebutton
2.1
CVSSv2
CVE-2022-31064
BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker (with xss in the name) starts a chat. in the victim's client the Jav...
Bigbluebutton Bigbluebutton 2.5
Bigbluebutton Bigbluebutton
Bigbluebutton Bigbluebutton 2.3.0
Bigbluebutton Bigbluebutton 2.4.9
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »