Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigbluebutton vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2020-27605
BigBlueButton up to and including 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox."
Bigbluebutton Bigbluebutton
668
VMScore
CVE-2020-27611
BigBlueButton up to and including 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.
Bigbluebutton Bigbluebutton
668
VMScore
CVE-2020-12443
BigBlueButton prior to 2.2.6 allows remote malicious users to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traver...
Bigbluebutton Bigbluebutton
1 Github repository
605
VMScore
CVE-2020-26163
BigBlueButton Greenlight prior to 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.
Bigbluebutton Greenlight
570
VMScore
CVE-2020-27607
In BigBlueButton prior to 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store t...
Bigbluebutton Bigbluebutton
445
VMScore
CVE-2022-31039
Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room's settings. This iss...
Bigbluebutton Greenlight
445
VMScore
CVE-2022-29233
BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but prior to 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of int...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
445
VMScore
CVE-2022-29169
BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and before 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using specific a RegularExpression, an attacker can cause denial of service fo...
Bigbluebutton Bigbluebutton 2.5
Bigbluebutton Bigbluebutton
445
VMScore
CVE-2020-29043
An issue exists in BigBlueButton up to and including 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.
Bigbluebutton Bigbluebutton
445
VMScore
CVE-2020-28954
web/controllers/ApiController.groovy in BigBlueButton prior to 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name.
Bigbluebutton Bigbluebutton
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »