BigBlueButton

All CVEs

54 total · sorted by risk
  • CVE-2020-27606 · Oct 21, 2020
    risk 0.00 · cvss · epss 0.01

    BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

  • CVE-2020-27602 · Oct 21, 2020
    risk 0.00 · cvss · epss 0.01

    BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.

  • CVE-2020-12443 · Apr 29, 2020
    risk 0.00 · cvss · epss 0.04

    BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to…

  • CVE-2020-12113 · Apr 23, 2020
    risk 0.00 · cvss · epss 0.01

    BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used.

Page 2 of 2