Search CVE reports
31 – 40 of 1332 results
CVE-2022-24793
Medium priority
Some fixes available 2 of 5
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who...
3 affected packages
pjproject, ring, sflphone
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pjproject | — | — | — | Needs evaluation | Needs evaluation |
ring | Not in release | — | Fixed | Fixed | Ignored |
sflphone | — | — | — | — | Ignored |
CVE-2022-24786
Medium priority
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses...
3 affected packages
pjproject, ring, sflphone
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pjproject | — | — | — | Needs evaluation | Needs evaluation |
ring | Not in release | — | Needs evaluation | Needs evaluation | Ignored |
sflphone | — | — | — | — | Ignored |
CVE-2022-22950
Medium priority
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
1 affected package
libspring-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-22965
High priority
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application...
1 affected package
libspring-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-24763
Medium priority
Some fixes available 2 of 5
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps....
2 affected packages
pjproject, ring
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pjproject | — | — | — | Needs evaluation | Needs evaluation |
ring | Not in release | — | Fixed | Fixed | Ignored |
CVE-2022-24764
Medium priority
Some fixes available 2 of 5
PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API...
2 affected packages
pjproject, ring
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pjproject | — | — | — | Needs evaluation | Needs evaluation |
ring | Not in release | — | Fixed | Fixed | Ignored |
CVE-2022-24754
Medium priority
Some fixes available 2 of 5
PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed...
2 affected packages
pjproject, ring
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pjproject | — | — | — | Needs evaluation | Needs evaluation |
ring | Not in release | — | Fixed | Fixed | Ignored |
CVE-2022-23608
Low priority
Some fixes available 2 of 14
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set...
3 affected packages
asterisk, pjproject, ring
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
pjproject | — | — | — | Needs evaluation | Needs evaluation |
ring | Not in release | — | Fixed | Fixed | Ignored |
CVE-2021-43303
Medium priority
Some fixes available 2 of 14
Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer,...
3 affected packages
asterisk, pjproject, ring
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
pjproject | — | — | — | Needs evaluation | Needs evaluation |
ring | Not in release | — | Fixed | Fixed | Ignored |
CVE-2021-43302
Medium priority
Some fixes available 2 of 14
Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters.
3 affected packages
asterisk, pjproject, ring
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
pjproject | — | — | — | Needs evaluation | Needs evaluation |
ring | Not in release | — | Fixed | Fixed | Ignored |