CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 0CVE-2014-6310
https://notcve.org/view.php?id=CVE-2014-6310
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function. Un desbordamiento de búfer en CHICKEN versiones 4.9.0 y 4.9.0.1, puede permitir a atacantes remotos ejecutar código arbitrario por medio de la función "select". • http://www.openwall.com/lists/oss-security/2014/09/11/6 http://www.securityfocus.com/bid/69727 https://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html https://security-tracker.debian.org/tracker/CVE-2014-6310 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 1CVE-2015-7810
https://notcve.org/view.php?id=CVE-2015-7810
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files La clase libbluray MountManager presenta una carrera de tiempo de comprobación y tiempo de uso (TOCTOU) cuando se expanden archivos JAR. • http://www.openwall.com/lists/oss-security/2015/10/12/7 http://www.securityfocus.com/bid/72769 https://access.redhat.com/security/cve/cve-2015-7810 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7810 https://security-tracker.debian.org/tracker/CVE-2015-7810 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2015-5694
https://notcve.org/view.php?id=CVE-2015-5694
Designate does not enforce the DNS protocol limit concerning record set sizes Designate no aplica el límite del protocolo DNS con respecto a los tamaños del conjunto de registros. • http://www.openwall.com/lists/oss-security/2015/07/28/11 http://www.openwall.com/lists/oss-security/2015/07/29/6 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5694 https://security-tracker.debian.org/tracker/CVE-2015-5694 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.0EPSS: 69%CPEs: 11EXPL: 0CVE-2019-18610
https://notcve.org/view.php?id=CVE-2019-18610
An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. Se detectó un problema en el archivo manager.c en Sangoma Asterisk versiones hasta 13.x, 16.x, 17.x y Certified Asterisk versiones 13.21 hasta 13.21-cert4. Un usuario de Asterisk Manager Interface (AMI) autenticado remoto sin autorización del sistema podría usar una petición Originate AMI especialmente diseñada para ejecutar comandos arbitrarios del sistema. • http://downloads.asterisk.org/pub/security/AST-2019-007.html https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html https://www.asterisk.org/downloads/security-advisories • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2019-18790
https://notcve.org/view.php?id=CVE-2019-18790
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. • http://downloads.asterisk.org/pub/security/AST-2019-006.html https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html https://www.asterisk.org/downloads/security-advisories • CWE-862: Missing Authorization •