CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-23742
https://notcve.org/view.php?id=CVE-2024-23742
28 Jan 2024 — An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor disputes this because it requires local access to a victim's machine. Un problema en Loom en macOS versión 0.196.1 y anteriores permite a atacantes remotos ejecutar código arbitrario a través de la configuración RunAsNode y enableNodeClilnspectArguments. • https://github.com/giovannipajeu1/CVE-2024-23742 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-14432
https://notcve.org/view.php?id=CVE-2019-14432
07 Aug 2019 — Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application. The same attack vector can be used to crash the application at any time. Autenticación incorrecta de conexiones de WebSocket de la aplicación en Loom Desktop para Mac hasta versión 0.16.0, permite la ejecución de código remota desde u... • https://thomask.sdf.org/blog/2019/08/07/cve-2019-14432-loom-desktop-rce-vulnerability.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 2CVE-2004-2129 – Loom Software SurfNow 1.x/2.x - GET Remote Denial of Service
https://notcve.org/view.php?id=CVE-2004-2129
31 Dec 2004 — SurfNOW 2.2 allows remote attackers to cause a denial of service (crash) via a series of long HTTP GET requests, possibly triggering a buffer overflow. • https://www.exploit-db.com/exploits/23614 •