CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1830 – Ekiga attempts to dlopen /tmp/ekiga_test.so
https://notcve.org/view.php?id=CVE-2011-1830
22 Apr 2019 — Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so. Las versiones de Ekiga anteriores a la 3.3.0 intentaron cargar un módulo desde /tmp/ekiga_test.so. • https://gitlab.gnome.org/GNOME/ekiga/commit/02654fc949722a78d41fcffac8687d73d8574647 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2012-5621
https://notcve.org/view.php?id=CVE-2012-5621
29 Sep 2014 — lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings. lib/engine/components/opal/opal-call.cpp en ekiga anterior a 4.0.0 permite a atacantes remotos causar una denegación de servicio (caída) a través de una conexión con un nombre de parte que contiene cadenas UTF-8 inválidas. • http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.0.news • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 3%CPEs: 7EXPL: 1CVE-2013-1864
https://notcve.org/view.php?id=CVE-2013-1864
23 May 2014 — The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack." Portable Tool Library (también conocido como PTLib) anterior a 2.10.10, utilizado en Ekiga anterior a 4.0.1, no detecta debidamente recursión durante expansión de en... • http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 22%CPEs: 2EXPL: 1CVE-2007-4924 – OpenH323 Opal SIP Protocol - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4924
08 Oct 2007 — The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address." Open Phone Abstraction Library (opal), como la usada en (1) Ekiga anterior a 2.0.10 y (2) OpenH323 anterior a 2.2.4, permite a atacantes remotos provocar una denegación de servici... • https://www.exploit-db.com/exploits/9240 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-0999
https://notcve.org/view.php?id=CVE-2007-0999
10 Mar 2007 — Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006. Vulnerabilidad de cadena de formato en Ekiga 2.0.3, y probablemente otras versiones, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados, una vulnerabilidad distinta de CVE-2007-1006. • http://www.mandriva.com/security/advisories?name=MDKSA-2007:058 •
CVSS: 10.0EPSS: 13%CPEs: 9EXPL: 0CVE-2007-1007
https://notcve.org/view.php?id=CVE-2007-1007
20 Feb 2007 — Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. Vulnerabilidad de cadena de formato en GnomeMeeting 1.0.2 y anteriores permiten a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante cadenas de formato en el nombre, que no e... • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2007-1006 – Ekiga format string flaw
https://notcve.org/view.php?id=CVE-2007-1006
20 Feb 2007 — Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet. Múltiples vulnerabilidades de cadena de formato en la función gm_main_window_flash_message en Ekiga versiones anteriores a 2.0.5, permiten a atacantes causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de un paquete SETUP Q.931 especialmente diseñado. • http://fedoranews.org/cms/node/2682 • CWE-134: Use of Externally-Controlled Format String •