CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1830 – Ekiga attempts to dlopen /tmp/ekiga_test.so
https://notcve.org/view.php?id=CVE-2011-1830
Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so. Las versiones de Ekiga anteriores a la 3.3.0 intentaron cargar un módulo desde /tmp/ekiga_test.so. • https://gitlab.gnome.org/GNOME/ekiga/commit/02654fc949722a78d41fcffac8687d73d8574647 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0CVE-2012-5621
https://notcve.org/view.php?id=CVE-2012-5621
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings. lib/engine/components/opal/opal-call.cpp en ekiga anterior a 4.0.0 permite a atacantes remotos causar una denegación de servicio (caída) a través de una conexión con un nombre de parte que contiene cadenas UTF-8 inválidas. • http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.0.news http://seclists.org/oss-sec/2012/q4/407 http://www.securityfocus.com/bid/56790 https://blogs.oracle.com/sunsecurity/entry/cve_2012_5621_denial_of https://bugzilla.redhat.com/show_bug.cgi?id=883058 https://exchange.xforce.ibmcloud.com/vulnerabilities/80640 https://git.gnome.org/browse/ekiga/commit/?id=7d09807257 https://lists.fedoraproject.org/pipermail/package-announce/2013-March/099554.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 2%CPEs: 7EXPL: 1CVE-2013-1864
https://notcve.org/view.php?id=CVE-2013-1864
The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack." Portable Tool Library (también conocido como PTLib) anterior a 2.10.10, utilizado en Ekiga anterior a 4.0.1, no detecta debidamente recursión durante expansión de entidad, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria y CPU) a través de un documento PXML manipulado que contiene un número grande de referencias de entidad anidadas, también conocido como 'ataque de un billón de risas.' • http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.html http://osvdb.org/91439 http://seclists.org/oss-sec/2013/q1/674 http://secunia.com/advisories/52659 http://sourceforge.net/p/opalvoip/code/28856 http://www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-available http://www.securityfocus.com/bid/58520 https://exchange.xforce.ibmcloud.com/vulnerabilities/82885 https://www.suse.com/support/update/announcement/2014/suse-su-20140237-1.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 16%CPEs: 2EXPL: 1CVE-2007-4924 – OpenH323 Opal SIP Protocol - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4924
The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address." Open Phone Abstraction Library (opal), como la usada en (1) Ekiga anterior a 2.0.10 y (2) OpenH323 anterior a 2.2.4, permite a atacantes remotos provocar una denegación de servicio (caída) mediante una cabecera Content-Length inválida en paquetes SIP del Protocolo de Inicio de Sesión (SIP, Session Initiation Protocol), lo cual provoca que el byte \0 sea escrito en una "dirección controlada por el atacante". • https://www.exploit-db.com/exploits/9240 http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20 http://osvdb.org/41637 http://secunia.com/advisories/27118 http://secunia.com/advisories/27128 http://secunia.com/advisories/27129 http://secunia.com/advisories/27271 http://secunia.com/ • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 23%CPEs: 1EXPL: 1CVE-2007-4897 – Ekiga 2.0.5 - 'GetHostAddress' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4897
pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting). pwlib, tal y como es usada por Ekiga versión 2.0.5 y posiblemente otros productos, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) por medio de un argumento largo en la función PString::vsprintf, relacionado con un "memory management flaw". NOTA: este problema se reportó originalmente como estando en la función SIPURL::GetHostAddress en Ekiga (anteriormente GnomeMeeting). • https://www.exploit-db.com/exploits/9241 http://blog.s21sec.com/2007/09/sobre-la-vulnerabilidad-del-ekiga.html http://marc.info/?l=full-disclosure&m=118959114522339&w=2 http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sipcon.cxx?r1=2.120.2.25&r2=2.120.2.26&pathrev=v2_2_9 http://secunia.com/advisories/27127 http://secunia.com/advisories/27150 http://secunia.com/advisories/27518 http://secunia.com/advisories/28385 http://securityreason.com/securityalert/3138 • CWE-399: Resource Management Errors •