1115 matches found
PT-2022-27460 · Funkwhale · Funkwhale
Name of the Vulnerable Software and Affected Versions: Funkwhale version 1.2.8 Description: The issue concerns user invites that do not permanently expire after being used for signup. These invites can be used again even after an account associated with the invite has been deleted. Recommendation...
CVE-2022-45909
drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request...
CVE-2022-45909
drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request...
Heap overflow
drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request...
drachtio-server buffer error vulnerability
drachtio-server is a drachtio open source SIP server built on the sofia SIP stack. A buffer error vulnerability exists in drachtio-server version 0.8.18, which stems from the fact that an attacker can submit an overly long Request-URI via an INVITE request resulting in an out-of-bounds read of a...
CVE-2022-45909
drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request...
PT-2022-27678 · Unknown · Drachtio-Server
Name of the Vulnerable Software and Affected Versions: drachtio-server versions prior to 0.8.19 Description: The issue is a heap-based buffer over-read that occurs when a long Request-URI is sent in an INVITE request. This can be exploited via the Request-URI in an INVITE request. Recommendations...
CVE-2022-45909
drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request...
CVE-2022-45909
CVE-2022-45909 affects drachtio-server prior to 0.8.19, where a long Request-URI in an INVITE request can trigger a heap-based buffer over-read. Public sources consistently describe the issue as a heap-based buffer over-read in the SIP INVITE handling (Request-URI) of drachtio-server.
Debian dla-3194 : asterisk - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3194 advisory. Debian LTS Advisory DLA-3194-1...
FreeBSD : Grafana -- Privilege escalation (6eb6a442-629a-11ed-9ca2-6c3be5272acd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6eb6a442-629a-11ed-9ca2-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5....
Input validation
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...
UBUNTU-CVE-2022-39306
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...
CVE-2022-39306 Grafana contains Improper Input Validation
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...
CVE-2022-39306
CVE-2022-39306 affects Grafana prior to 9.2.4 (and 8.5.x backport to 8.5.15). The issue is improper input validation during the invitation/sign-up flow that admins use to add members to an organization. An invite link can be used to sign up with arbitrary username/email, enabling an attacker to b...
Email addresses and usernames can not be trusted
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...
CVE-2022-39356 Discourse user account takeover via email and invite link
Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest version. A workaround is...
Grafana -- Privilege escalation
Grafana Labs reports: Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to si...
Glut of Fake LinkedIn Profiles Pits HR Against the Bots
A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities -- which pair AI-generated profile photos wit...
CVE-2022-37458
Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate...