Skip to main content

Icecast

4 CVEs product

Monthly

CVE-2018-18820 HIGH PATCH This Week

A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service RCE Buffer Overflow Icecast Debian Linux
NVD
CVSS 3.0
8.1
EPSS
48.9%
CVE-2015-3026 MEDIUM POC THREAT This Month

Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

Denial Of Service Icecast Debian Linux Opensuse
NVD
CVSS 2.0
5.0
EPSS
15.3%
CVE-2014-9091 MEDIUM POC This Month

Icecast before 2.4.0 does not change the supplementary group privileges when <changeowner> is configured, which allows local users to gain privileges via unspecified vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Icecast
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-9018 MEDIUM POC This Month

Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecast
NVD
CVSS 2.0
5.0
EPSS
0.8%
EPSS 49% CVSS 8.1
HIGH PATCH This Week

A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 15% CVSS 5.0
MEDIUM POC THREAT This Month

Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

Denial Of Service Icecast Debian Linux +1
NVD
EPSS 0% CVSS 4.6
MEDIUM POC This Month

Icecast before 2.4.0 does not change the supplementary group privileges when <changeowner> is configured, which allows local users to gain privileges via unspecified vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Icecast
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecast
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy