77 matches found

Positive Technologies
added 2024/03/11 12:0 a.m. · 3 views

PT-2024-15323 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software name or version is mentioned in the provided descriptions. Description: In the getConfig function of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could...

7.8 CVSS · 6.5 AI score · 0.00021 EPSS
Exploits: 0 · References: 9

CNNVD
added 2024/03/11 12:0 a.m. · 2 views

Google Android Security Vulnerability

Google Android is a Linux-based open-source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android, which stems from a missing validation check in the getConfig method of the SoftVideoDecoderOMXComponent.cpp file, which may result in an...

7.8 CVSS · 6.7 AI score · 0.00021 EPSS
Exploits: 0 · References: 4

OpenVAS
added 2023/12/15 12:0 a.m. · 25 views

Asterisk Multiple Vulnerabilities (Dec 2023)

Asterisk is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:digium:asterisk"; if description...

8.2 CVSS · 6.4 AI score · 0.17085 EPSS
Exploits: 5 · References: 5

CNVD
added 2023/02/07 12:0 a.m. · 28 views

D-Link DIR-825 Buffer Overflow Vulnerability (CNVD-2023-21665)

D-Link DIR-825 is a router from D-Link, a Chinese company. D-Link DIR-825 v1.33.0.44ebdd4-embedded and previous versions are vulnerable to a buffer overflow vulnerability, which is caused by a boundary error when handling untrusted input, and can be exploited to execute arbitrary code against the...

9.8 CVSS · 9.8 AI score · 0.00801 EPSS
Exploits: 0 · References: 1

NVD
added 2023/01/31 4:15 p.m. · 14 views

CVE-2022-47035

Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint...

9.8 CVSS · 9.7 AI score · 0.00801 EPSS
Exploits: 0 · References: 2

OSV
added 2023/01/31 4:15 p.m. · 1 views

CVE-2022-47035

Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint...

9.8 CVSS · 6.1 AI score
Exploits: 0 · References: 2

Prion
added 2023/01/31 4:15 p.m. · 13 views

Buffer overflow

Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint...

7.5 CVSS · 9.6 AI score · 0.00801 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2023/01/31 12:0 a.m. · 2 views

D-Link DIR-825 Security Vulnerability

D-Link DIR-825 is a router from D-Link, a Chinese company. D-Link DIR-825 v1.33.0.44ebdd4-embedded and previous versions are vulnerable to a buffer overflow vulnerability, which is caused by a boundary error when handling untrusted input, and can be exploited to execute arbitrary code against the...

9.8 CVSS · 8.2 AI score · 0.00801 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2023/01/31 12:0 a.m. · 6 views

CVE-2022-47035

Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint...

9.7 AI score · 0.00801 EPSS
Exploits: 0 · References: 2

Cvelist
added 2023/01/31 12:0 a.m. · 15 views

CVE-2022-47035

Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint...

9.8 AI score · 0.00801 EPSS
Exploits: 0 · References: 2

OSV
added 2022/12/05 9:15 p.m. · 0 views

DEBIAN-CVE-2022-42706

An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...

4.9 CVSS · 4.8 AI score · 0.0081 EPSS
Exploits: 0 · References: 1

OSV
added 2022/12/05 9:15 p.m. · 1 views

ALPINE-CVE-2022-42706

An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...

4.9 CVSS · 6.9 AI score · 0.0081 EPSS
Exploits: 0 · References: 1

OSV
added 2022/12/05 9:15 p.m. · 24 views

CVE-2022-42706

An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...

4.9 CVSS · 4.7 AI score
Exploits: 0 · References: 3

UbuntuCve
added 2022/12/05 9:15 p.m. · 31 views

CVE-2022-42706

An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...

4.9 CVSS · 5.9 AI score · 0.0081 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2022/12/05 12:0 a.m. · 2 views

PT-2022-26511 · Sangoma +1 · Asterisk +1

Name of the Vulnerable Software and Affected Versions: Sangoma Asterisk versions 16.28 and earlier, 17, 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1 Description: An issue was discovered in Sangoma Asterisk that allows a connected application to access files outside of the...

9.8 CVSS · 6.6 AI score · 0.3195 EPSS
Exploits: 13 · References: 66

CNNVD
added 2022/12/02 12:0 a.m. · 1 views

Asterisk Path Traversal Vulnerability

Asterisk is a software for PBX systems that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. Asterisk suffers from a security vulnerability that stems from the vulnerability of remote authentication sessions, where GetConfig AMI Action can read files outside of a directory,...

4.9 CVSS · 5.4 AI score · 0.0081 EPSS
Exploits: 0 · References: 6

FreeBSD
added 2022/12/01 12:0 a.m. · 26 views

Asterisk -- multiple vulnerabilities

The Asterisk project reports: AST-2022-007: Remote Crash Vulnerability in H323 channel add on; AST-2022-008: Use after free in res_pjsip_pubsub.c; AST-2022-009: GetConfig AMI Action can read files outside of Asterisk directory...

7.5 CVSS · 1.9 AI score · 0.01516 EPSS
Exploits: 0 · References: 3

OSV
added 2022/09/19 4:15 p.m. · 4 views

CVE-2022-37700

Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information remote. The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig...

7.5 CVSS · 5.8 AI score · 0.0182 EPSS
Exploits: 1 · References: 3

Prion
added 2022/09/19 4:15 p.m. · 14 views

Directory traversal

Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information remote. The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig...

5 CVSS · 7.3 AI score · 0.0182 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

VulnCheck KEV
added 2022/04/13 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2014-8357

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...

8.8 CVSS · 7.4 AI score · 0.18268 EPSS
Exploits: 4 · References: 1