119 matches found
FreePBX Security Vulnerabilities
FreePBX formerly known as Asterisk Management Portal is a set of tools from the FreePBX project for configuring Asterisk an IP telephony system through a GUI web-based graphical interface. A security vulnerability exists in FreePBX that stems from the presence of an access control error issue...
CVE-2023-43336
Summary: CVE-2023-43336 affects Sangoma/FreePBX; an access‑control issue allows bypass via a modified parameter value. Affected software (from provided docs): Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17. Technical detail (root cause): Access control flaw via a m...
DEBIAN-CVE-2023-39948
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the BadParamException thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 conta...
CVE-2023-39946
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...
CVE-2023-39946
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...
CVE-2023-39948
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the BadParamException thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 conta...
UBUNTU-CVE-2023-39948
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the BadParamException thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 conta...
UBUNTU-CVE-2023-39946
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...
CVE-2023-39948 Uncaught fastcdr exception (Unexpected CDR type received) crashing fastdds
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the BadParamException thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 conta...
CVE-2023-39948
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the BadParamException thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 conta...
CVE-2023-39946 Heap overflow in push_back_helper due to a CDR message
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...
CVE-2023-39946 Heap overflow in push_back_helper due to a CDR message
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...
eProsima Fast DDS Buffer Error Vulnerability
eProsima Fast DDS is the C++ implementation of eProsima's OMG Object Management Group DDS Data Distribution Service standard. A security vulnerability exists in eProsima Fast DDS version 2.9.1, which originates from a heap overflow that can be caused by supplying the PIDPROPERTYLIST parameter wit...
PT-2023-4900 · Eprosima +2 · Eprosima Fast Dds +2
Name of the Vulnerable Software and Affected Versions: eprosima Fast DDS versions prior to 2.10.0 and 2.6.5 Description: The issue is related to insufficient handling of exceptional states in the eprosima Fast DDS library, which is a C++ implementation of the Data Distribution Service standard of...
CTO Point of View: Why Wiz is launching a Runtime Sensor
Today we are excited to announce the Wiz Runtime Sensor. The sensor collects signals in real-time from the workload runtime to simplify threat detection and response in the cloud as part of our Cloud Detection and Response CDR capabilities...
SUSE CVE-2007-6170
SQL injection vulnerability in the Call Detail Record Postgres logging engine cdrpgsql in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via 1 ANI and 2 DNIS arguments...
SUSE CVE-2017-7617
Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chansip, the CDR dialplan function, and the AMI Monitor action...
Sql injection
A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of t...
CVE-2020-36630
FreePBX cdr 14.0 is affected by a SQL injection in the ajaxHandler function of ucp/Cdr.class.php through manipulation of the limit/offset parameter. The issue is resolved by upgrading to version 14.0.5.21, with the patch identified as f1a9eea2dfff30fb99d825bac194a676a82b9ec8. Connected sources co...
FreePBX SQL注入漏洞
FreePBX formerly known as Asterisk Management Portal is a set of tools from the FreePBX project for configuring Asterisk IP telephony system through a GUI web-based graphical interface. A SQL injection vulnerability exists in FreePBX cdr versions prior to 14.0.5.21, which stems from a problem wit...