34 matches found

EUVD
added 6 days ago, 4 views

EUVD-2026-33295

FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...

CVSS 9.3, AI score 5.8, EPSS 0.00064
Exploits: 1, References: 1
OSV
added 2026/05/08 5:45 a.m., 7 views

BIT-JRE-2023-22045

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

CVSS 3.7, AI score 6.5, EPSS 0.00141
Exploits: 0, References: 7
OSV
added 2026/05/06 2:43 p.m., 1 views

BIT-JAVA-MIN-2023-22045

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

CVSS 3.7, AI score 6.5, EPSS 0.00141
Exploits: 0, References: 7
Positive Technologies
added 2026/05/06 12:00 a.m., 5 views

PT-2026-37976

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for...

CVSS 3.7, AI score 6.2, EPSS 0.0013
Exploits: 0, References: 6
CBLMariner
added 2026/03/12 7:17 p.m., 4 views

CVE-2026-27965 affecting package vitess for versions less than 17.0.7-15

CVE-2026-27965 affecting package vitess for versions less than 17.0.7-15. A patched version of the package is available...

CVSS 9.9, AI score 5.8, EPSS 0.00079
Exploits: 0
Cvelist
added 2026/03/05 6:24 p.m., 29 views

CVE-2026-28210 FreePBX: Authenticated SQL Injection in CDR (Call Data Record) Reports

FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7...

CVSS 8.6, EPSS 0.00071
Exploits: 0, References: 1
CVE
added 2026/03/05 6:24 p.m., 6 views

CVE-2026-28210

This entry concerns CVE-2026-28210 affecting FreePBX (open source IP PBX). The vulnerability lies in the cdr (Call Data Record) module, where an SQL query injection affects versions prior to 16.0.49 and 17.0.7. The issue is caused by unsafe SQL construction within the cdr component, leading to po...

CVSS 8.8, AI score 5.9, EPSS 0.00071
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/03/05 6:24 p.m., 3 views

EUVD-2026-9857

FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7...

CVSS 8.6, AI score 5.9, EPSS 0.00071
Exploits: 0, References: 1
OSV
added 2026/03/05 6:24 p.m., 2 views

CVE-2026-28210 FreePBX: Authenticated SQL Injection in CDR (Call Data Record) Reports

FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7...

CVSS 8.6, AI score 5.8, EPSS 0.00071
Exploits: 0, References: 3
Positive Technologies
added 2026/03/05 12:00 a.m., 2 views

PT-2026-23490

Name of the Vulnerable Software and Affected Versions: FreePBX versions prior to 16.0.49; FreePBX versions prior to 17.0.7. Description: FreePBX module cdr (Call Data Record) is susceptible to SQL query injection. The issue allows for potential manipulation of database queries through crafted input...

CVSS 8.8, AI score 5.8, EPSS 0.00071
Exploits: 0, References: 6
CNNVD
added 2026/03/05 12:00 a.m., 3 views

FreePBX SQL injection vulnerability

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk (an IP telephony system) through a GUI (graphical web-based interface). Versions of FreePBX prior to 16.0.49 and 17.0.7 have a SQL injection vulnerability, which stems from SQL query injections in the Call Data...

CVSS 8.8, AI score 5.9, EPSS 0.00071
Exploits: 0, References: 1
OSV
added 2026/02/05 6:16 p.m., 2 views

AZL-77085 CVE-2025-58190 affecting package vitess for versions less than 17.0.7-14

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3, AI score 7.4, EPSS 0.00011
Exploits: 1, References: 1
OSV
added 2025/04/16 6:16 p.m., 1 views

AZL-60595 CVE-2025-22872 affecting package vitess for versions less than 17.0.7-8

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

CVSS 6.5, AI score 6.6, EPSS 0.00017
Exploits: 0, References: 1
OSV
added 2025/01/28 2:15 a.m., 0 views

AZL-56075 CVE-2024-45339 affecting package vitess for versions less than 17.0.7-4

When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

CVSS 7.1, AI score 7.2, EPSS 0.00072
Exploits: 0, References: 1
CBLMariner
added 2024/07/10 7:52 p.m., 14 views

CVE-2024-24786 affecting package vitess for versions less than 17.0.7-1

CVE-2024-24786 affecting package vitess for versions less than 17.0.7-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.5, AI score 6.8, EPSS 0.00533
Exploits: 0
CBLMariner
added 2024/07/10 7:52 p.m., 11 views

CVE-2023-3978 affecting package vitess for versions less than 17.0.7-1

CVE-2023-3978 affecting package vitess for versions less than 17.0.7-1. An upgraded version of the package is available that resolves this issue...

CVSS 6.1, AI score 6.5, EPSS 0.00098
Exploits: 0
OSV
added 2024/05/08 2:15 p.m., 1 views

AZL-40493 CVE-2024-32886 affecting package vitess for versions less than 17.0.7-1

Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7...

CVSS 4.9, AI score 5.8, EPSS 0.00131
Exploits: 0, References: 1
Vulnrichment
added 2024/05/08 2:10 p.m., 16 views

CVE-2024-32886 Vitess vulnerable to infinite memory consumption and vtgate crash

Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7...

CVSS 4.9, AI score 6.7, EPSS 0.00131
Exploits: 0, References: 7
OpenVAS
added 2023/07/19 12:00 a.m., 17 views

Oracle Java SE Security Update (jul2023) 03 - Linux

Oracle Java SE is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.1, AI score 7.3, EPSS 0.00102
Exploits: 0, References: 1
OpenVAS
added 2023/07/19 12:00 a.m., 17 views

Oracle Java SE Security Update (apr2023) 01 - Linux

Oracle Java SE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5, AI score 6.2, EPSS 0.00143
Exploits: 0, References: 1