This page aggregates publicly disclosed CVE and security risk information related to craig_drummond, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2013-7301 | Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue. | [email protected] | 5.0 | 1.51% | 2014-02-02 | 2026-04-29 |
| CVE-2013-7300 | Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301. | [email protected] | 5.0 | 1.54% | 2014-02-02 | 2026-04-29 |