Show filters
10 Total Results
Displaying 1-10 of 10
Sort by:
Attacker Value
Unknown

CVE-2021-27229

Disclosure Date: February 16, 2021 (last updated February 22, 2025)
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.
Attacker Value
Unknown

CVE-2020-13962

Disclosure Date: June 09, 2020 (last updated November 08, 2023)
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
Attacker Value
Unknown

CVE-2010-2490

Disclosure Date: October 31, 2019 (last updated November 27, 2024)
Mumble: murmur-server has DoS due to malformed client query
Attacker Value
Unknown

CVE-2018-20743

Disclosure Date: January 25, 2019 (last updated November 27, 2024)
murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.
0
Attacker Value
Unknown

CVE-2014-3756

Disclosure Date: November 16, 2014 (last updated October 05, 2023)
The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip.
0
Attacker Value
Unknown

CVE-2014-3755

Disclosure Date: November 16, 2014 (last updated October 05, 2023)
The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.
0
Attacker Value
Unknown

CVE-2014-0045

Disclosure Date: February 08, 2014 (last updated October 05, 2023)
The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Opus voice packet, which triggers an error in opus_decode_float, a conversion of a negative integer to an unsigned integer, and a heap-based buffer over-read and over-write.
0
Attacker Value
Unknown

CVE-2014-0044

Disclosure Date: February 08, 2014 (last updated October 05, 2023)
The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read (aka "out-of-bounds array access").
0
Attacker Value
Unknown

CVE-2014-1916

Disclosure Date: February 08, 2014 (last updated October 05, 2023)
The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which allow remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted length prefix value in an Opus voice packet.
0
Attacker Value
Unknown

CVE-2012-0863

Disclosure Date: April 30, 2012 (last updated October 04, 2023)
Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.
0