Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigbluebutton vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2022-29235
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the ...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
356
VMScore
CVE-2022-29236
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previous...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
445
VMScore
CVE-2022-29169
BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and before 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using specific a RegularExpression, an attacker can cause denial of service fo...
Bigbluebutton Bigbluebutton 2.5
Bigbluebutton Bigbluebutton
445
VMScore
CVE-2022-29233
BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but prior to 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of int...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
NA
CVE-2020-27601
In BigBlueButton prior to 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.
Bigbluebutton Bigbluebutton
NA
CVE-2020-27602
BigBlueButton prior to 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.
Bigbluebutton Bigbluebutton
445
VMScore
CVE-2020-27603
BigBlueButton prior to 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files.
Bigbluebutton Bigbluebutton
1 Github repository
570
VMScore
CVE-2020-27607
In BigBlueButton prior to 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store t...
Bigbluebutton Bigbluebutton
445
VMScore
CVE-2020-12112
BigBlueButton prior to 2.2.5 allows remote malicious users to obtain sensitive files via Local File Inclusion.
Bigbluebutton Bigbluebutton
1 Github repository
312
VMScore
CVE-2022-27238
BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a...
Bigbluebutton Bigbluebutton
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »