235 matches found
oFono Security Vulnerability
oFono is an open source telephony communication framework from UBports. A security vulnerability exists in oFono versions prior to 2.1, which stems from a stack overflow error triggered by the sms_decode_address_field function during SMS PDU decoding...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that results from a denial of service when handling non-standard sized SMS containers received in a DL NAS transport in NR...
CVE-2024-25920
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS. This issue affects WP SMS: from n/a through 6.3.4...
PT-2024-38413
Name of the Vulnerable Software and Affected Versions: oFono affected versions not specified Description: This issue allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit...
ZTE MF258 Cross-Site Scripting Vulnerability
The ZTE MF258 is a desktop router from ZTE Corporation (ZTE), China. A cross-site scripting vulnerability exists in ZTE MF258 versions prior to ZTESTDV1.0.0B11, which stems from insufficient validation of SMS interface parameter inputs, resulting in a cross-site scripting attack...
PT-2024-12971 · Zte · Zte Mf258
Name of the Vulnerable Software and Affected Versions: ZTE MF258 affected versions not specified Description: There is a cross-site scripting (XSS) issue due to insufficient input validation of the SMS interface parameter, which can trigger an XSS attack. Recommendations: At the moment, there is no...
PT-2023-30969 · Unknown · Availability Booking Calendar
Name of the Vulnerable Software and Affected Versions: Availability Booking Calendar version 5.0 Description: The issue concerns Multiple HTML Injection problems. These issues can be exploited via the SMS API Key or the Default Country Code. Recommendations: For Availability Booking Calendar...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated. A security vulnerability exists in Qualcomm Chipsets, which is caused by a memory corruption in the wireless interface layer when sending an SMS or writing an SMS to a SIM...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability, which is caused by the disclosure of side channel information in the SMS service. The vulnerability can be exploited by an attacker to obtain sensitive...
CVE-2023-26595
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition...
PT-2023-7966 · Ofono +4 · Ofono +4
Name of the Vulnerable Software and Affected Versions: ofono affected versions not specified Description: A flaw was found in ofono, an Open Source Telephony on Linux, where a stack overflow bug is triggered within the sms_decode_address_field function during the SMS PDU decoding. This issue can ...
PT-2023-13270 · Qualcomm · Snapdragon +12
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: The issue is related to memory corruption caused by a buffer copy without checking the size of the input in a modem. This occurs while decoding raw...
Kalkun Cross-Site Scripting Vulnerability
Kalkun is an open source web-based SMS (Short Message Service) manager from SourceForge. A cross-site scripting vulnerability exists in Kalkun version 0.8.0. An attacker could exploit this vulnerability to conduct cross-site scripting attacks...
TIBCO Enterprise Message Service Windows Platform < 8.6.0 Multiple Vulnerabilities
The version of TIBCO Enterprise Message Service Windows Platform running on the remote host is prior to 8.6.0. It is, therefore, affected by multiple vulnerabilities: - A vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating...
Apache Flume Injection Vulnerability
Apache Flume is a distributed, reliable and available service from the Apache Foundation of the United States. It is used to efficiently collect, aggregate and move large amounts of log data. An injection vulnerability exists in Apache Flume versions 1.4.0 through 1.10.1, which stems from...
Improper Input Validation in Apache ActiveMQ
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object...
CVE-2022-20093
In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498868; Issue ID: ALPS064988...
CVE-2022-25821
Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...