Server-side Request Forgery (SSRF)

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the setconfigvalue function. An attacker can intercept all outbound HTTP traffic, steal credentials, and inject...

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error in the MSL decoder process. An attacker can cause a crash by providing a specially crafted MSL file. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - GitHub Commit ...

Linux Distros Unpatched Vulnerability : CVE-2022-24764

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affect...

Linux Distros Unpatched Vulnerability : CVE-2022-23547

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN,...

UBUNTU-CVE-2023-38703

PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not...

PT-2022-16970 · Flask +1 · Flask +1

Name of the Vulnerable Software and Affected Versions: Piano LED Visualizer versions 1.3 and prior Description: The issue concerns a path traversal attack. The os.path.join call is unsafe for use with untrusted input, as it ignores all parameters encountered before an absolute path and starts...

DEBIAN-CVE-2022-24792

PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length...

PT-2022-2679 · Pjsip +3 · Pjsip +3

Name of the Vulnerable Software and Affected Versions: PJSIP versions 2.12 and prior Description: The issue is related to a denial-of-service condition that occurs when handling WAV files. It affects 32-bit systems using PJSIP to play or read invalid WAV files, specifically when reading WAV file...

ALPINE-CVE-2022-24793

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to...

ALPINE-CVE-2022-24786

PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI Reference Picture Selection Indication packet, but any app that directly uses pjmediartcpfbparserpsi will be affected. A patch is available in the...

PT-2022-16893 · Miraheze · Createwiki

Name of the Vulnerable Software and Affected Versions: CreateWiki affected versions not specified Description: CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent...

UBUNTU-CVE-2022-24764

PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API pjmediasdpprint, pjmediasdpmediaprint. Applications that do not use PJSUA2 and do not directly...

ALPINE-CVE-2022-24754

PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials credentials with datatype PJSIPCREDDATADIGEST...

ALPINE-CVE-2022-21722

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially...

PT-2022-2174 · Pjsip +3 · Pjsip +3

Name of the Vulnerable Software and Affected Versions: PJSIP versions 2.11.1 and prior Description: The issue is related to a buffer overflow in memory when handling RTP/RTCP packets, which can be exploited by a remote attacker to cause a denial of service. PJSIP is a free and open source...