Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigbluebutton bigbluebutton vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-27605
BigBlueButton up to and including 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox."
Bigbluebutton Bigbluebutton
5.3
CVSSv3
CVE-2020-27606
BigBlueButton prior to 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
Bigbluebutton Bigbluebutton
6.5
CVSSv3
CVE-2020-27607
In BigBlueButton prior to 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store t...
Bigbluebutton Bigbluebutton
6.1
CVSSv3
CVE-2020-27608
In BigBlueButton prior to 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.
Bigbluebutton Bigbluebutton
5.3
CVSSv3
CVE-2020-27609
BigBlueButton up to and including 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant.
Bigbluebutton Bigbluebutton
7.5
CVSSv3
CVE-2020-27610
The installation procedure in BigBlueButton prior to 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access.
Bigbluebutton Bigbluebutton
7.3
CVSSv3
CVE-2020-27611
BigBlueButton up to and including 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.
Bigbluebutton Bigbluebutton
4.3
CVSSv3
CVE-2020-27612
Greenlight in BigBlueButton up to and including 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window.
Bigbluebutton Bigbluebutton
8.4
CVSSv3
CVE-2020-27613
The installation procedure in BigBlueButton prior to 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.
Bigbluebutton Bigbluebutton
6.5
CVSSv3
CVE-2023-33176
BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. In affected versions are affected by a Server-Side Request Forgery (SSRF) vulnerability. In an `insertDocument` API request the user is able to supply a URL from which the presen...
Bigbluebutton Bigbluebutton
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
CVE-2023-38506
CVE-2024-37198
CVE-2023-45197
CVE-2024-38621
CVE-2024-30103
elevation of privilege
CVE-2024-0044
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »