PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793.

Netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778.

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.

Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387.