29 matches found

CNNVD
added 2026/02/06 12:0 a.m. · 1 views

Asterisk Code Issue Vulnerability

Asterisk is PBX software developed by Asterisk OpenSource. It runs on Linux systems and supports IP calls using the SIP, IAX, and H323 protocols. There were code vulnerabilities in versions prior to 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2. These vulnerabilities stemmed from the...

8.8 CVSS · 6 AI score · 0.00041 EPSS
Exploits: 0 · References: 3

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 2 views

Malicious code in reject-book-execute-bash-code (npm)

The package reject-book-execute-bash-code was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. · 1 views

MAL-2025-32877 Malicious code in secure-daemon-bash-code-array (npm)

The package secure-daemon-bash-code-array was found to contain malicious code...

7.2 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. · 1 views

MAL-2025-32038 Malicious code in reject-book-execute-bash-code (npm)

The package reject-book-execute-bash-code was found to contain malicious code...

7.2 AI score
Exploits: 0

RedhatCVE
added 2025/05/22 9:59 p.m. · 5 views

CVE-2022-44794

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to...

8.8 CVSS · 7.8 AI score · 0.00729 EPSS
Exploits: 0 · References: 1

OSV
added 2024/05/20 4:51 p.m. · 10 views

GHSA-CV5C-2QV5-W2M2 Passbolt Api Remote code execution

Passbolt provides a way for system administrators to generate a PGP key for the server during installation. The wizard requests a username, an e-mail address and an optional comment. No escaping or verification is done by Passbolt, effectively allowing a user to inject bash code. The impact is ve...

8.1 CVSS · 7 AI score
Exploits: 0 · References: 4

Github Security Blog
added 2024/05/20 4:51 p.m. · 15 views

Passbolt Api Remote code execution

Passbolt provides a way for system administrators to generate a PGP key for the server during installation. The wizard requests a username, an e-mail address and an optional comment. No escaping or verification is done by Passbolt, effectively allowing a user to inject bash code. The impact is ve...

7 AI score
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2024/05/20 12:0 a.m. · 3 views

PT-2024-40250 · Passbolt · Passbolt

Name of the Vulnerable Software and Affected Versions: Passbolt affected versions not specified
Description: The issue allows a user to inject bash code during the installation stage of Passbolt, as the system does not perform escaping or verification on the input provided for the username, e-mai...

8.1 CVSS · 7.1 AI score
Exploits: 0 · References: 5

NVD
added 2024/01/10 3:15 a.m. · 9 views

CVE-2023-31446

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup...

9.8 CVSS · 9.6 AI score · 0.91678 EPSS
Exploits: 1 · References: 3

Prion
added 2024/01/10 3:15 a.m. · 12 views

Code injection

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup...

7.5 CVSS · 7.4 AI score · 0.91678 EPSS
Exploits: 1 · References: 3 · Affected Software: 2

CVE
added 2024/01/10 12:0 a.m. · 44 views

CVE-2023-31446

Cassia Gateway firmware versions XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947 expose a vulnerability where the queueUrl parameter in /bypass/config is not sanitized, enabling injection of Bash code that executes with root privileges at device startup. This affects the Cassia Gateway firmwa...

9.8 CVSS · 9.3 AI score · 0.91678 EPSS
In wild · Exploits: 1 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/01/06 12:0 a.m. · 4 views

PT-2024-1049 · Cassia · Cassia Gateway Firmware Xc2000 +1

Name of the Vulnerable Software and Affected Versions:
Cassia Gateway firmware XC1000 2.1.1.2303082218
Cassia Gateway firmware XC2000 2.1.1.2303090947
Description: The issue is related to the queueUrl parameter in the "/bypass/config" API endpoint, which is not properly sanitized. This allows for...

9.8 CVSS · 9.3 AI score · 0.91678 EPSS
Exploits: 1 · References: 14

OSV
added 2023/07/26 8:15 p.m. · 0 views

CVE-2023-31465

An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named argx, with x an integer starting from 1; it is possible t...

9.8 CVSS · 5.8 AI score · 0.90545 EPSS
Exploits: 1 · References: 2

Prion
added 2023/07/26 8:15 p.m. · 17 views

Integer overflow

An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named argx, with x an integer starting from 1; it is possible t...

7.5 CVSS · 9.3 AI score · 0.90545 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2023/07/26 12:0 a.m. · 10 views

CVE-2023-31465

An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named argx, with x an integer starting from 1; it is possible t...

9.7 AI score · 0.90545 EPSS
Exploits: 1 · References: 2

Prion
added 2022/11/07 4:15 a.m. · 13 views

Code injection

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to...

6.5 CVSS · 8.9 AI score · 0.00729 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/11/07 12:0 a.m. · 1 views

PT-2022-27314 · Unknown · Object First Ootbi Beta

Name of the Vulnerable Software and Affected Versions: Object First Ootbi BETA versions 1.0.7.712 through 1.0.13.1610
Description: An issue was discovered in the management protocol, allowing a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname...

8.8 CVSS · 8.8 AI score · 0.00729 EPSS
Exploits: 0 · References: 5

CVE
added 2022/11/07 12:0 a.m. · 56 views

CVE-2022-44794

CVE-2022-44794 affects Object First Ootbi BETA, versions 1.0.7.712 through 1.0.13.1610. The root cause is an input validation flaw in the hostname-setting command within the management protocol, allowing a remote attacker with credentials to pass arbitrary data to Bash, enabling arbitrary code ex...

8.8 CVSS · 8.8 AI score · 0.00729 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2022/11/07 12:0 a.m. · 4 views

CVE-2022-44794

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to...

7.8 AI score · 0.00729 EPSS
Exploits: 0 · References: 1

NVD
added 2020/11/13 4:15 p.m. · 14 views

CVE-2020-26222

Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. In Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common and...

8.8 CVSS · 9 AI score · 0.00477 EPSS
Exploits: 1 · References: 3