CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27229 – Gentoo Linux Security Advisory 202105-13
https://notcve.org/view.php?id=CVE-2021-27229
16 Feb 2021 — Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. Mumble versiones anteriores a 1.3.4, permite una ejecución de código remota si una víctima navega hacia una URL diseñada en una lista de servidores y hace clic sobre el texto Open Webpage It was discovered that the Mumble client supported websites for public servers with arbitrary URL schemes. If a user were tricked into visiting a malicious website from the public se... • https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 7%CPEs: 3EXPL: 0CVE-2018-20743 – Debian Security Advisory 4402-1
https://notcve.org/view.php?id=CVE-2018-20743
25 Jan 2019 — murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. murmur en Mumble, hasta la versión 1.2.19 antes del 31/08/2018, gestiona de manera incorrecta múltiples peticiones concurrentes que persisten en la base de datos, lo que permite a los atacantes remotos provocar una denegación de servicio (bloqueo o cierre inesperado del demonio) med... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00045.html • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 1%CPEs: 11EXPL: 1CVE-2014-3755 – Gentoo Linux Security Advisory 201406-06
https://notcve.org/view.php?id=CVE-2014-3755
06 Jun 2014 — The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file. El modulo QSvg en Qt, usado en Mumble client 1.2.x anterior a 1.2.6, permite a atacantes remotos causar una denegación de servicio (cuelgue y el consumo de recursos)a través de la referencia de un archivo local en (1) una etiqueta de imagen o (2)en una hoja de estilos X... • http://mumble.info/security/Mumble-SA-2014-005.txt • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-3756 – Gentoo Linux Security Advisory 201406-06
https://notcve.org/view.php?id=CVE-2014-3756
06 Jun 2014 — The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip. El cliente en Mumble 1.2.x anterior a 1.2.6 permite a atacantes remotos forzar la subida de un fichero ext... • http://mumble.info/security/Mumble-SA-2014-006.txt • CWE-19: Data Processing Errors •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2014-1916
https://notcve.org/view.php?id=CVE-2014-1916
08 Feb 2014 — The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which allow remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted length prefix value in an Opus voice packet. Las funciones (1) opus_packet_get_nb_frames y (2) opus_packet_get_samples_per_frame e... • http://mumble.info/security/Mumble-SA-2014-003.txt • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0044 – Debian Security Advisory 2854-1
https://notcve.org/view.php?id=CVE-2014-0044
05 Feb 2014 — The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read (aka "out-of-bounds array access"). La función opus_packet_get_samples_per_frame en client en Mumble 1.2.4 y las instantáneas pre-lanzamiento de 1.2.3 permite a atacantes remotos causar una denegación de servicio (caída) a través de... • http://lists.opensuse.org/opensuse-updates/2014-02/msg00063.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 2%CPEs: 11EXPL: 0CVE-2014-0045 – Debian Security Advisory 2854-1
https://notcve.org/view.php?id=CVE-2014-0045
05 Feb 2014 — The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Opus voice packet, which triggers an error in opus_decode_float, a conversion of a negative integer to an unsi... • http://lists.opensuse.org/opensuse-updates/2014-02/msg00063.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-0863
https://notcve.org/view.php?id=CVE-2012-0863
30 Apr 2012 — Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file. Mumble v1.2.3 y anteriores usa los permisos "world-readable" en los ficheros .local/share/data/Mumble/.mumble.sqlite en los directorios home, lo que podría permitir a usuarios locales obtener una contraseña en texto plano y los datos de configuración mediante la lectura de dichos ... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659039 • CWE-310: Cryptographic Issues •