CVE-2025-12204

CVE-2025-12204 affects Kamailio 5.5. The vulnerable element is the function rve_destroy in the file src/core/rvalue.c of the Configuration File Handler, with a reported heap-based buffer overflow as the underlying issue. The attack is described as local, and public disclosures exist; however, som...

CVE-2025-12204 Kamailio Configuration File rvalue.c rve_destroy heap-based overflow

A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rvedestroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed...

EUVD-2025-36064

A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rvedestroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed...

CVE-2025-12200

Last updated 29 October 2025 Notes mdeslaur This issue requires replacing the root-owned configuration file. See https://www.openwall.com/lists/oss-security/2025/10/27/1 This CVE is likely to be rejected. Marking as deferred for now...

PT-2025-43867

Name of the Vulnerable Software and Affected Versions Kamailio version 5.5 Description A flaw exists in Kamailio 5.5 within the Grammar Rule Handler component, specifically in the yyerror at function located in the src/core/cfg.y file. This issue can lead to a null pointer dereference. Exploitati...

Kamailio 代码问题漏洞

Kamailio is an open source implementation of a SIP signaling server from Kamailio Open Source. A code issue vulnerability exists in Kamailio version 5.5, which stems from a null pointer dereference in the function yyerrorat in the file src/core/cfg.y, which could lead to a local attack...

Kamailio 缓冲区错误漏洞

Kamailio is an open source implementation of a SIP signaling server from Kamailio Open Source. A buffer error vulnerability exists in Kamailio version 5.5, which stems from a heap buffer overflow in the function rvedestroy in the file src/core/rvalue.c of the component Configuration File Handler,...

CVE-2025-12199

Last updated 29 October 2025 Notes mdeslaur This issue requires replacing the root-owned configuration file. See https://www.openwall.com/lists/oss-security/2025/10/27/1 This CVE is likely to be rejected. Marking as deferred for now...

PT-2025-43865

Name of the Vulnerable Software and Affected Versions Kamailio version 5.5 Description A flaw exists in Kamailio that involves a use-after-free condition. This issue is located within the Configuration File Handler component, specifically in the sr push yy state function of the src/core/cfg.lex...

MCP JSON Config Detected (Windows)

Binary data mcpjsonconfigdetectedwin.nbin...

CVE-2025-11947

CVE-2025-11947 affects bftpd up to version 6.2. The vulnerability is a heap-based overflow in the expand_groups function of options.c within the Configuration File Handler. Exploitation requires local access (attack vector: LOCAL) with HIGH complexity and LOW privileges, as described in the sourc...

CVE-2025-11947 bftpd Configuration File options.c expand_groups heap-based overflow

A weakness has been identified in bftpd up to 6.2. Impacted is the function expandgroups of the file options.c of the component Configuration File Handler. Executing a manipulation can lead to heap-based buffer overflow. It is possible to launch the attack on the local host. Attacks of this natur...

CVE-2025-11947 bftpd Configuration File options.c expand_groups heap-based overflow

A weakness has been identified in bftpd up to 6.2. Impacted is the function expandgroups of the file options.c of the component Configuration File Handler. Executing a manipulation can lead to heap-based buffer overflow. It is possible to launch the attack on the local host. Attacks of this natur...

bftpd 安全漏洞

Bftpd is an FTP File Transfer Protocol server. A security vulnerability exists in bftpd 6.2 and earlier versions, which originates from a heap buffer overflow in the function expandgroups in the file options.c of the component Configuration File Handler, which could lead to a localhost attack...

IBM Sterling B2B Integrator和IBM Sterling File Gateway 安全漏洞

IBM Sterling B2B Integrator and IBM Sterling File Gateway are both products of International Business Machines IBM.IBM Sterling B2B Integrator is a suite of software that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B...

CVE-2025-60536

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...

Tenda AC7 /goform/SetDDNSCfg File Buffer Overflow Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter ddnsEn in the file /goform/SetDDNSCfg that fails to correctly validate the length and size of the input data, and can be...

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A security vulnerability exists in F5 BIG-IP that originates from the presence of a malformed JSON schema in the JSON content...

CVE-2025-60536

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...

CVE-2025-60536

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...