
137 matches found

Tenable Nessus
added 2026/05/08 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-42225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport sip_transport_tls ca...

CVSS 8.2 | AI score 5.7 | EPSS 0.00021
Exploits: 0 | References: 3

OSV
added 2026/05/07 8:16 p.m. | 3 views

DEBIAN-CVE-2026-42225

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport sip_transport_tls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...

CVSS 5.9 | AI score 5.7 | EPSS 0.00021
Exploits: 0 | References: 1

UbuntuCve
added 2026/05/07 8:16 p.m. | 1 view

CVE-2026-42225

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport sip_transport_tls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...

CVSS 8.2 | AI score 5.7 | EPSS 0.00021
Exploits: 0 | References: 5

CVE
added 2026/05/07 6:47 p.m. | 10 views

CVE-2026-42225

PJSIP’s GnuTLS-enabled SIP TLS transport (sip_transport_tls) in builds prior to version 2.17 can accept connections with invalid/untrusted certificates even when verify_server/verify_client are PJ_TRUE. The vulnerability arises from certificate verification being effectively skipped for those bui...

CVSS 8.2 | AI score 5.7 | EPSS 0.00021
Exploits: 0 | References: 3 | Affected Software: 1

Debian CVE
added 2026/05/07 6:47 p.m. | 5 views

CVE-2026-42225

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport sip_transport_tls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...

CVSS 8.2 | AI score 5.7 | EPSS 0.00021
Exploits: 0

ATTACKERKB
added 2026/05/07 6:47 p.m. | 3 views

CVE-2026-42225

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport sip_transport_tls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...

CVSS 8.2 | AI score 5.7 | EPSS 0.00021
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2026/04/27 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-41415

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed...

CVSS 9.1 | AI score 5.9 | EPSS 0.00061
Exploits: 0 | References: 3

OSV
added 2026/04/24 7:17 p.m. | 0 views

UBUNTU-CVE-2026-41416

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can...

CVSS 9.3 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 4

Cvelist
added 2026/04/24 6:40 p.m. | 30 views

CVE-2026-41416 PJSIP: Asymmetric ptime integer overflow in Media Stream

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can...

CVSS 9.3 | EPSS 0.0006
Exploits: 0 | References: 2

CVE
added 2026/04/24 6:40 p.m. | 7 views

CVE-2026-41416

PJSIP (C library) has an integer overflow in the media stream buffer size calculation when processing SDP with asymmetric ptime configuration in versions 2.16 and earlier. This may lead to an undersized buffer and memory corruption or unexpected termination. The issue is fixed in version 2.17; up...

CVSS 9.3 | AI score 5.8 | EPSS 0.0006
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2026/04/24 6:40 p.m. | 4 views

CVE-2026-41416

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can...

CVSS 9.3 | AI score 5.8 | EPSS 0.0006
Exploits: 0

ATTACKERKB
added 2026/04/24 6:38 p.m. | 2 views

CVE-2026-41415

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer bounds. This...

CVSS 8.8 | AI score 5.5 | EPSS 0.00061
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/04/24 6:38 p.m. | 28 views

CVE-2026-41415 PJSIP: SIP Multipart CID URI Length Underflow

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer bounds. This...

CVSS 8.8 | EPSS 0.00061
Exploits: 0 | References: 2

CVE
added 2026/04/24 6:38 p.m. | 10 views

CVE-2026-41415

PJSIP (the C library) contains CVE-2026-41415: in 2.16 and earlier, parsing a malformed Content-ID URI in a SIP multipart message body can trigger an out-of-bounds read due to insufficient length validation. Red Hat describes a potential denial-of-service impact and notes mitigation may not meet ...

CVSS 9.1 | AI score 5.5 | EPSS 0.00061
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2026/04/24 6:38 p.m. | 1 view

CVE-2026-41415

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer bounds. This...

CVSS 9.1 | AI score 5.5 | EPSS 0.00061
Exploits: 0

Positive Technologies
added 2026/04/24 12:0 a.m. | 0 views

PT-2026-35058

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.17 Description An out-of-bounds read occurs when parsing a malformed Content-ID URI in a SIP multipart message body. This is caused by insufficient length validation, which allows reads to extend beyond the intended...

CVSS 8.8 | AI score 5.4 | EPSS 0.00061
Exploits: 0 | References: 5

NVD
added 2026/04/21 9:16 p.m. | 1 view

CVE-2026-40892

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2 in PJSIP when using pre-computed digest credentials PJSIP_CRED_DATA_DIGEST. The function copies credential data using cred_info->data.slen as the...

CVSS 9.8 | EPSS 0.00069
Exploits: 0 | References: 2

OSV
added 2026/04/21 9:16 p.m. | 2 views

UBUNTU-CVE-2026-40892

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2 in PJSIP when using pre-computed digest credentials PJSIP_CRED_DATA_DIGEST. The function copies credential data using cred_info->data.slen as the...

CVSS 9.8 | AI score 6 | EPSS 0.00069
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/21 7:55 p.m. | 1 view

CVE-2026-40892 PJSIP: Stack buffer overflow in pjsip_auth_create_digest2()

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2 in PJSIP when using pre-computed digest credentials PJSIP_CRED_DATA_DIGEST. The function copies credential data using cred_info->data.slen as the...

CVSS 9.3 | AI score 6 | EPSS 0.00069
Exploits: 0 | References: 2

CVE
added 2026/04/21 7:55 p.m. | 4 views

CVE-2026-40892

CVE-2026-40892 (PJSIP) : A stack buffer overflow exists in pjsip_auth_create_digest2() for 2.16 and earlier when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies cred_info->data.slen without an upper-bound check, which can overflow the fixed-size ha1 buffer (...

CVSS 9.8 | AI score 6 | EPSS 0.00069
Exploits: 0 | References: 2 | Affected Software: 1