Lucene search
K

119 matches found

CNNVD
CNNVD
added 2023/11/02 12:0 a.m.5 views

FreePBX Security Vulnerabilities

FreePBX formerly known as Asterisk Management Portal is a set of tools from the FreePBX project for configuring Asterisk an IP telephony system through a GUI web-based graphical interface. A security vulnerability exists in FreePBX that stems from the presence of an access control error issue...

8.8CVSS6.6AI score0.00718EPSS
Exploits1References4
CVE
CVE
added 2023/11/02 12:0 a.m.97 views

CVE-2023-43336

Summary: CVE-2023-43336 affects Sangoma/FreePBX; an access‑control issue allows bypass via a modified parameter value. Affected software (from provided docs): Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17. Technical detail (root cause): Access control flaw via a m...

8.8CVSS8.7AI score0.00718EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/08/11 2:15 p.m.1 views

DEBIAN-CVE-2023-39948

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the BadParamException thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 conta...

7.5CVSS7.2AI score0.00893EPSS
Exploits0References1
NVD
NVD
added 2023/08/11 2:15 p.m.28 views

CVE-2023-39946

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...

8.2CVSS8.1AI score0.00776EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/08/11 2:15 p.m.26 views

CVE-2023-39946

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...

8.2CVSS7AI score0.00776EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2023/08/11 2:15 p.m.28 views

CVE-2023-39948

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the BadParamException thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 conta...

7.5CVSS7AI score0.00893EPSS
Exploits0References4
OSV
OSV
added 2023/08/11 2:15 p.m.2 views

UBUNTU-CVE-2023-39948

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the BadParamException thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 conta...

7.5CVSS7.1AI score0.00893EPSS
Exploits0References5
OSV
OSV
added 2023/08/11 2:15 p.m.4 views

UBUNTU-CVE-2023-39946

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...

8.2CVSS5.8AI score0.00776EPSS
Exploits0References5
OSV
OSV
added 2023/08/11 1:51 p.m.25 views

CVE-2023-39948 Uncaught fastcdr exception (Unexpected CDR type received) crashing fastdds

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the BadParamException thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 conta...

7.5CVSS7.3AI score0.00893EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2023/08/11 1:51 p.m.23 views

CVE-2023-39948

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the BadParamException thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 conta...

7.5CVSS7.3AI score0.00893EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/08/11 1:37 p.m.13 views

CVE-2023-39946 Heap overflow in push_back_helper due to a CDR message

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...

8.2CVSS6.7AI score0.00776EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/08/11 1:37 p.m.33 views

CVE-2023-39946 Heap overflow in push_back_helper due to a CDR message

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...

8.2CVSS8.3AI score0.00776EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/11 12:0 a.m.4 views

eProsima Fast DDS Buffer Error Vulnerability

eProsima Fast DDS is the C++ implementation of eProsima's OMG Object Management Group DDS Data Distribution Service standard. A security vulnerability exists in eProsima Fast DDS version 2.9.1, which originates from a heap overflow that can be caused by supplying the PIDPROPERTYLIST parameter wit...

8.2CVSS7AI score0.00776EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/08/11 12:0 a.m.5 views

PT-2023-4900 · Eprosima +2 · Eprosima Fast Dds +2

Name of the Vulnerable Software and Affected Versions: eprosima Fast DDS versions prior to 2.10.0 and 2.6.5 Description: The issue is related to insufficient handling of exceptional states in the eprosima Fast DDS library, which is a C++ implementation of the Data Distribution Service standard of...

9.1CVSS7.3AI score0.05237EPSS
Exploits0References38
Wiz blog
Wiz blog
added 2023/06/05 12:56 p.m.27 views

CTO Point of View: Why Wiz is launching a Runtime Sensor

Today we are excited to announce the Wiz Runtime Sensor. The sensor collects signals in real-time from the workload runtime to simplify threat detection and response in the cloud as part of our Cloud Detection and Response CDR capabilities...

6.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.2 views

SUSE CVE-2007-6170

SQL injection vulnerability in the Call Detail Record Postgres logging engine cdrpgsql in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via 1 ANI and 2 DNIS arguments...

6.5CVSS8.6AI score0.02811EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.4 views

SUSE CVE-2017-7617

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chansip, the CDR dialplan function, and the AMI Monitor action...

8.8CVSS9.2AI score0.06243EPSS
Exploits0References4
Prion
Prion
added 2022/12/25 8:15 p.m.21 views

Sql injection

A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of t...

7.5CVSS9.8AI score0.00679EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2022/12/25 7:20 p.m.76 views

CVE-2020-36630

FreePBX cdr 14.0 is affected by a SQL injection in the ajaxHandler function of ucp/Cdr.class.php through manipulation of the limit/offset parameter. The issue is resolved by upgrading to version 14.0.5.21, with the patch identified as f1a9eea2dfff30fb99d825bac194a676a82b9ec8. Connected sources co...

9.8CVSS8AI score0.00679EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2022/12/25 12:0 a.m.4 views

FreePBX SQL注入漏洞

FreePBX formerly known as Asterisk Management Portal is a set of tools from the FreePBX project for configuring Asterisk IP telephony system through a GUI web-based graphical interface. A SQL injection vulnerability exists in FreePBX cdr versions prior to 14.0.5.21, which stems from a problem wit...

9.8CVSS6.5AI score0.00679EPSS
Exploits0References5
Rows per page
Query Builder