78 matches found
PT-2024-15323 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software name or version is mentioned in the provided descriptions. Description: In the getConfig function of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could...
Google Android Security Vulnerability
Google Android is a Linux-based open-source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android, which stems from a missing validation check in the getConfig method of the SoftVideoDecoderOMXComponent.cpp file, which may result in an...
The vulnerability of the AMI interface of Asterisk management systems for IP-telephony devices allows a hacker to gain access to and read arbitrary files.
The vulnerability of the AMI interface of Asterisk management systems for IP-telephony and Certified Asterisk is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow an attacker, operating remotely, to gain read access to...
Asterisk Multiple Vulnerabilities (Dec 2023)
Asterisk is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk"; if description...
D-Link DIR-825 Buffer Overflow Vulnerability (CNVD-2023-21665)
D-Link DIR-825 is a router from D-Link, a Chinese company. D-Link DIR-825 v1.33.0.44ebdd4-embedded and previous versions are vulnerable to a buffer overflow vulnerability, which is caused by a boundary error when handling untrusted input, and can be exploited to execute arbitrary code against the...
CVE-2022-47035
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint...
CVE-2022-47035
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint...
Buffer overflow
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint...
D-Link DIR-825 Security Vulnerability
D-Link DIR-825 is a router from D-Link, a Chinese company. D-Link DIR-825 v1.33.0.44ebdd4-embedded and previous versions are vulnerable to a buffer overflow vulnerability, which is caused by a boundary error when handling untrusted input, and can be exploited to execute arbitrary code against the...
CVE-2022-47035
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint...
CVE-2022-47035
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint...
ALPINE-CVE-2022-42706
An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...
DEBIAN-CVE-2022-42706
An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...
CVE-2022-42706
An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...
CVE-2022-42706
An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...
PT-2022-26511 · Sangoma +1 · Asterisk +1
Name of the Vulnerable Software and Affected Versions: Sangoma Asterisk versions 16.28 and earlier, 17, 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1 Description: An issue was discovered in Sangoma Asterisk that allows a connected application to access files outside of the...
Asterisk Path Traversal Vulnerability
Asterisk is a software for PBX systems that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. Asterisk suffers from a security vulnerability that stems from the vulnerability of remote authentication sessions, where GetConfig AMI Action can read files outside of a directory,...
Asterisk -- multiple vulnerabilities
The Asterisk project reports: AST-2022-007: Remote Crash Vulnerability in H323 channel add on; AST-2022-008: Use after free in res_pjsip_pubsub.c; AST-2022-009: GetConfig AMI Action can read files outside of Asterisk directory...
CVE-2022-37700
Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig...
Directory traversal
Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig...