16 matches found
EUVD-2020-23318
Malware in sbrugna...
PT-2023-28358 · Unknown · Com.Cutestudio.Colordialer
Name of the Vulnerable Software and Affected Versions: com.cutestudio.colordialer versions 2.1.8-2 and earlier Description: The issue allows a remote attacker to initiate phone calls without user consent due to improper export of the com.cutestudio.dialer.activities.DialerActivity component. A...
CVE-2020-35652
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is...
CVE-2020-35652
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is...
Design/Logic Flaw
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is...
UBUNTU-CVE-2020-35652
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is...
Sangoma Asterisk Multiple Product Security Vulnerabilities
Digium Asterisk is a set of open source telephone exchange PBX system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response IVR, and more. A security vulnerability exists in several Sangoma Asterisk products that stems from a crash...
PT-2021-11818 · Asterisk +1 · Asterisk +1
Name of the Vulnerable Software and Affected Versions: Asterisk versions prior to 13.38.0; Asterisk versions 14.x through 16.x before 16.15.0; Asterisk versions 17.x before 17.9.0; Asterisk versions 18.x before 18.1.0. Description: An issue was discovered in res_pjsip_diversion.c. A crash can occur...
CVE-2017-14098
In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash...
CVE-2017-14098
In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash...
CVE-2017-14098
CVE-2017-14098 affects the Asterisk pjsip channel driver (res_pjsip). A specially crafted tel URI in a From, To, or Contact header can cause Asterisk to crash. Affected versions are Asterisk 13.x prior to 13.17.1 and 14.x prior to 14.6.1. The vulnerability is demonstrated by crash behavior withou...
Digium Asterisk Denial of Service Vulnerability (CNVD-2017-30817)
Digium Asterisk is a set of open source telephone exchange PBX system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response IVR, etc. The pjsip channel driver (res_pjsip) is one of the pjsip drivers. A security vulnerability exists in t...
Jolla Phone URI Spoofing
NSOADV-2015-001: Jolla Phone tel URI Spoofing...
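Apple iPhone Safari Browser tel: URI Handling Denial of Service Vulnerability
BUGTRAQ ID: 36386 CVE ID: CVE-2009-3271 The iPhone is a smartphone released by Apple. The Safari browser embedded in iPhone OS may crash when handling an overly long tel: URL in the SRC attribute of an IFRAME element on a web page. Apple iPhone OS 3.0.1 Vendor patch: Apple ----- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.apple.com Apple Safari Iphone Crash using tel: Found by cloud :...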
Apple iPhone functionality abuse
By using a tel: URI it's possible to force the phone to dial some number without the user's confirmation...
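Nokia 6131 Multiple Vulnerabilities
BUGTRAQ ID: 30716 CNCAN ID: CNCAN-2008081804 The Nokia 6131 is a mobile phone that supports Near Field Communication (NFC). The Nokia 6131 is vulnerable to URL spoofing and denial-of-service attacks; a remote attacker can exploit the vulnerabilities to crash the device, causing a denial of service. URI/URL spoofing exists when the content of NDEF Smart Poster and plain-text URI tags is displayed, and the browser does not correctly display the full host name when loading a web page. The NDEF record parser crashes when handling a record payload length field containing 0xFFFFFFFF or 0xFFFFFFFE. The SMS and TEL URI handlers crash when the phone number exceeds 124 characters. Nokia 6131...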