CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27229 – Gentoo Linux Security Advisory 202105-13
https://notcve.org/view.php?id=CVE-2021-27229
16 Feb 2021 — Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. Mumble versiones anteriores a 1.3.4, permite una ejecución de código remota si una víctima navega hacia una URL diseñada en una lista de servidores y hace clic sobre el texto Open Webpage It was discovered that the Mumble client supported websites for public servers with arbitrary URL schemes. If a user were tricked into visiting a malicious website from the public se... • https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 1CVE-2020-13962 – qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications
https://notcve.org/view.php?id=CVE-2020-13962
08 Jun 2020 — Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) Qt versiones 5.12.2 hasta 5.14.2, como es usado en compilaciones no oficiales de Mumble versión 1.3.0 y otros productos, maneja inapropiadamente la cola d... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html • CWE-391: Unchecked Error Condition •