Lucene search
K

198 matches found

NVD
NVD
added 2025/05/07 10:15 p.m.29 views

CVE-2025-41433

When a Session Initiation Protocol SIP message routing framework MRF application layer gateway ALG profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of...

8.7CVSS0.00357EPSS
Exploits0References1
CVE
CVE
added 2025/05/07 10:4 p.m.67 views

CVE-2025-41433

CVE-2025-41433 affects F5 BIG-IP SIP MRF ALG profile. When configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate, enabling a potential DoS. Affected product scope per vendor advisories includes BIG-IP (all modules) acr...

8.7CVSS7.6AI score0.00357EPSS
Exploits0References1Affected Software21
RedhatCVE
RedhatCVE
added 2025/02/06 4:50 a.m.10 views

CVE-2021-37624

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...

7.5CVSS6.6AI score0.0352EPSS
Exploits5References1
Cvelist
Cvelist
added 2024/08/21 5:2 p.m.16 views

CVE-2024-20375

A vulnerability in the SIP call processing function of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected devic...

8.6CVSS0.00745EPSS
Exploits0References1
NVD
NVD
added 2023/03/15 9:15 p.m.53 views

CVE-2023-27597

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function rewriteruri, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations...

7.5CVSS7.5AI score0.00738EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/15 8:58 p.m.46 views

CVE-2023-27599 OpenSIPS has vulnerability in the parse_to_param() function

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, when the function appendhf handles a SIP message with a malformed To header, a call to the function abort is performed, resulting in a crash. This is due to the following check in datalump.c:39...

7.5CVSS7.6AI score0.00971EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/15 12:0 a.m.6 views

OpenSIPS 输入验证错误漏洞

OpenSIPS is a GPL-licensed SIP server implementation from the individual developers of OpenSIPS. An input validation error vulnerability exists in OpenSIPS version 3.2 and earlier, which stems from a system crash when an incorrectly formatted SDP body is received and processed by the...

7.5CVSS7.3AI score0.0099EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.3 views

SUSE CVE-2021-33056

Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message...

7.5CVSS7.9AI score0.01294EPSS
Exploits0References3
Prion
Prion
added 2022/05/05 5:15 p.m.17 views

Design/Logic Flaw

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol SIP message routing framework MRF application layer gateway ALG profile is configured on a Message Routing virtual server, undisclosed request...

5CVSS7.5AI score0.00764EPSS
Exploits0References1Affected Software11
Veracode
Veracode
added 2022/03/12 3:2 p.m.21 views

Out-of-Bounds Read

pjproject is vulnerable to out of bounds read. The vulnerability exists due to a lack of validation of incoming SIP message that contains a malformed multipart...

9.1CVSS1.8AI score0.04478EPSS
Exploits0References10Affected Software3
FreeBSD
FreeBSD
added 2022/03/03 12:0 a.m.52 views

asterisk -- multiple vulnerabilities

The Asterisk project reports: AST-2022-004 - The header length on incoming STUN messages that contain an ERROR-CODE attribute is not properly checked. This can result in an integer underflow. Note, this requires ICE or WebRTC support to be in use with a malicious remote party. AST-2022-005 - When...

0.1AI score
Exploits0References3
NVD
NVD
added 2021/11/12 10:15 p.m.29 views

CVE-2021-43610

Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header request URI without a parameter in an unauthenticated SIP message, a different issue than CVE-2021-33056...

7.5CVSS0.01153EPSS
Exploits0References2
OSV
OSV
added 2021/11/12 10:15 p.m.32 views

CVE-2021-43610

Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header request URI without a parameter in an unauthenticated SIP message, a different issue than CVE-2021-33056...

7.5CVSS7.2AI score
Exploits0References2
Prion
Prion
added 2021/11/12 10:15 p.m.29 views

Design/Logic Flaw

Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header request URI without a parameter in an unauthenticated SIP message, a different issue than CVE-2021-33056...

5CVSS7.7AI score0.01294EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/11/12 9:53 p.m.50 views

CVE-2021-43610

CVE-2021-43610 describes a denial-of-service issue in Belledonne Belle-sip before 5.0.20, where an unauthenticated SIP message containing an invalid From header (request URI without a parameter) can crash applications such as Linphone. This is a separate issue from CVE-2021-33056. The Red Hat and...

7.5CVSS7.6AI score0.01153EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2021/11/05 11:38 a.m.20 views

Authentication Bypass

freeswitch is vulnerable to Authentication Bypass. The vulnerability exists because the SIP MESSAGE requests are not properly authenticated which allows an attacker to to send SIP MESSAGE messages to any SIP user agent that is registered with the server...

7.5CVSS3.7AI score0.0352EPSS
Exploits5References7Affected Software1
0day.today
0day.today
added 2021/10/26 12:0 a.m.440 views

FreeSWITCH 1.10.6 Missing SIP MESSAGE Authentication Exploit

FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-07-freeswitch-SIP-MESSAGE-without-auth - Vendor Security Advisory:...

7.5CVSS0.4AI score0.0352EPSS
Exploits5
OSV
OSV
added 2021/10/25 4:15 p.m.15 views

CVE-2021-37624

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...

7.5CVSS1.7AI score
Exploits0References5
Prion
Prion
added 2021/10/25 4:15 p.m.20 views

Authentication flaw

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...

5CVSS7.3AI score0.0352EPSS
Exploits5References5Affected Software1
Cvelist
Cvelist
added 2021/10/25 4:10 p.m.24 views

CVE-2021-37624 FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...

7.5CVSS7.8AI score0.0352EPSS
Exploits5References5
Rows per page
Query Builder