Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-04-28 | CVE-2020-1774 | When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions. OTRS: 7.0.16 and prior versions. | Debian_linux, Otrs | 4.9 | ||
2021-10-26 | CVE-2021-41182 | jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. | Debian_linux, Drupal, Fedora, Jquery_ui, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Agile_plm, Application_express, Banking_platform, Big_data_spatial_and_graph, Communications_interactive_session_recorder, Communications_operations_monitor, Hospitality_inventory_management, Hospitality_materials_control, Hospitality_suite8, Jd_edwards_enterpriseone_tools, Mysql_enterprise_monitor, Peoplesoft_enterprise_peopletools, Policy_automation, Primavera_unifier, Rest_data_services, Weblogic_server, Tenable\.sc | 6.1 | ||
2021-10-26 | CVE-2021-41183 | jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. | Debian_linux, Drupal, Fedora, Jquery_ui, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Agile_plm, Application_express, Banking_platform, Big_data_spatial_and_graph, Communications_interactive_session_recorder, Communications_operations_monitor, Hospitality_inventory_management, Hospitality_suite8, Jd_edwards_enterpriseone_tools, Mysql_enterprise_monitor, Peoplesoft_enterprise_peopletools, Policy_automation, Primavera_gateway, Rest_data_services, Weblogic_server, Tenable\.sc | 6.1 | ||
2021-12-22 | CVE-2021-37706 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and... | Certified_asterisk, Debian_linux, Asterisk, Pjsip | 9.8 | ||
2022-01-27 | CVE-2022-21723 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds. | Certified_asterisk, Debian_linux, Asterisk, Pjsip | 9.1 | ||
2021-12-22 | CVE-2021-43804 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access. This issue affects all users that use PJMEDIA and RTCP. A malicious actor can send a RTCP BYE message with an... | Debian_linux, Pjsip | 7.3 | ||
2021-12-27 | CVE-2021-43845 | PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size. | Debian_linux, Pjsip | 9.1 | ||
2022-01-27 | CVE-2022-21722 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds. | Debian_linux, Pjsip | 9.1 | ||
2022-02-16 | CVE-2021-43299 | Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. | Debian_linux, Pjsip | 9.8 | ||
2022-02-16 | CVE-2021-43300 | Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. | Debian_linux, Pjsip | 9.8 |