CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27229 – Gentoo Linux Security Advisory 202105-13
https://notcve.org/view.php?id=CVE-2021-27229
16 Feb 2021 — Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. Mumble versiones anteriores a 1.3.4, permite una ejecución de código remota si una víctima navega hacia una URL diseñada en una lista de servidores y hace clic sobre el texto Open Webpage It was discovered that the Mumble client supported websites for public servers with arbitrary URL schemes. If a user were tricked into visiting a malicious website from the public se... • https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 1CVE-2020-13962 – qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications
https://notcve.org/view.php?id=CVE-2020-13962
08 Jun 2020 — Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) Qt versiones 5.12.2 hasta 5.14.2, como es usado en compilaciones no oficiales de Mumble versión 1.3.0 y otros productos, maneja inapropiadamente la cola d... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html • CWE-391: Unchecked Error Condition •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2010-2490
https://notcve.org/view.php?id=CVE-2010-2490
31 Oct 2019 — Mumble: murmur-server has DoS due to malformed client query Mumble: murmur-server presenta una vulnerabilidad de DoS debido a una consulta de cliente malformada • https://access.redhat.com/security/cve/cve-2010-2490 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 7%CPEs: 3EXPL: 0CVE-2018-20743 – Debian Security Advisory 4402-1
https://notcve.org/view.php?id=CVE-2018-20743
25 Jan 2019 — murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. murmur en Mumble, hasta la versión 1.2.19 antes del 31/08/2018, gestiona de manera incorrecta múltiples peticiones concurrentes que persisten en la base de datos, lo que permite a los atacantes remotos provocar una denegación de servicio (bloqueo o cierre inesperado del demonio) med... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00045.html • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 1%CPEs: 11EXPL: 1CVE-2014-3755 – Gentoo Linux Security Advisory 201406-06
https://notcve.org/view.php?id=CVE-2014-3755
06 Jun 2014 — The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file. El modulo QSvg en Qt, usado en Mumble client 1.2.x anterior a 1.2.6, permite a atacantes remotos causar una denegación de servicio (cuelgue y el consumo de recursos)a través de la referencia de un archivo local en (1) una etiqueta de imagen o (2)en una hoja de estilos X... • http://mumble.info/security/Mumble-SA-2014-005.txt • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-3756 – Gentoo Linux Security Advisory 201406-06
https://notcve.org/view.php?id=CVE-2014-3756
06 Jun 2014 — The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip. El cliente en Mumble 1.2.x anterior a 1.2.6 permite a atacantes remotos forzar la subida de un fichero ext... • http://mumble.info/security/Mumble-SA-2014-006.txt • CWE-19: Data Processing Errors •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-0863
https://notcve.org/view.php?id=CVE-2012-0863
30 Apr 2012 — Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file. Mumble v1.2.3 y anteriores usa los permisos "world-readable" en los ficheros .local/share/data/Mumble/.mumble.sqlite en los directorios home, lo que podría permitir a usuarios locales obtener una contraseña en texto plano y los datos de configuración mediante la lectura de dichos ... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659039 • CWE-310: Cryptographic Issues •