VYPR
Vendor

lastfm

Products
2
CVEs
2
Across products
2
Status
Private

Products

2

Recent CVEs

2
  • CVE-2019-19251MedDec 10, 2019
    risk 0.35cvss 5.3epss 0.01

    The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.

  • CVE-2010-3362Oct 20, 2010
    risk 0.00cvss epss 0.00

    lastfm 1.5.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.