
CVE-2018-18820 – Gentoo Linux Security Advisory 201811-09
https://notcve.org/view.php?id=CVE-2018-18820
04 Nov 2018 — A buffer overflow was discovered in the URL-authentication backend of Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution. • https://github.com/impulsiveness/CVE-2018-18820 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2015-3026 – Debian Security Advisory 3239-1
https://notcve.org/view.php?id=CVE-2015-3026
29 Apr 2015 — Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg." • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163859.html •

CVE-2014-9091 – Gentoo Linux Security Advisory 201412-38
https://notcve.org/view.php?id=CVE-2014-9091
10 Dec 2014 — Icecast before 2.4.0 does not change the supplementary group privileges when

CVE-2014-9018 – Mandriva Linux Security Advisory 2014-231
https://notcve.org/view.php?id=CVE-2014-9018
27 Nov 2014 — Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors. Icecast did not properly handle the launching of scripts on connect or disconnect of sources. This could result in sensiti... • http://icecast.org/news/icecast-release-2_4_1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2011-4612
https://notcve.org/view.php?id=CVE-2011-4612
20 Nov 2012 — Icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error log (error.log) via a crafted URL. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090668.html • CWE-20: Improper Input Validation •

CVE-2004-0781
https://notcve.org/view.php?id=CVE-2004-0781
14 Sep 2004 — Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter. • http://www.debian.org/security/2004/dsa-541 •

CVE-2004-2027
https://notcve.org/view.php?id=CVE-2004-2027
10 May 2004 — Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a long Basic Authorization header that triggers an out-of-bounds read. • http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0378.html •

CVE-2002-0177 – Icecast 1.x - AVLLib Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0177
18 Apr 2002 — Buffer overflows in Icecast 1.3.11 and earlier allow remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client. • https://www.exploit-db.com/exploits/21363 •

CVE-2001-0784 – Icecast 1.1.x/1.3.x - Directory Traversal
https://notcve.org/view.php?id=CVE-2001-0784
18 Oct 2001 — Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters. • https://www.exploit-db.com/exploits/20972 •

CVE-2001-1230
https://notcve.org/view.php?id=CVE-2001-1230
13 Mar 2001 — Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. • http://marc.info/?l=bugtraq&m=98455723123298&w=2 •