CVE-2025-15251

The CVE-2025-15251 entry describes a vulnerability in beecue FastBee (SIP Message Handler) up to version 2.1. The issue is in getRootElement (springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java) and manifests as an XML External Entity (XXE) refer...

CVE-2025-12200

No description is available for this CVE. Mitigation No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability. To reduce the risk, restrict write access to the dnsmasq.conf file and related configuration directorie...

EUVD-2008-6538

Malware in sbrugna...

EUVD-2023-31338

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-28097

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Lengt...

Debian dla-3438 : kamailio - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3438 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3438-1 [email protected] https://www.debian.org/lts/security/...

Shannon Baseband fmtp SDP Attribute Memory Corruption

Shannon Baseband: Memory corruption when processing fmtp SDP attribute There is a memory corruption vulnerability that occurs when the baseband modem processes SDP when setting up a call. When an fmtp attribute is parsed, the integer that represents the payload type is copied into an 8-byte buffe...

USN-6022-1: Kamailio vulnerabilities

It was discovered that Kamailio did not properly sanitize SIP messages under certain circumstances. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM and 18.04 ESM. CVE-2018-16657 It was discovered...

CVE-2023-28098

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function parseparamname . This issue was discovered while performing coverag...

CVE-2023-28099

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, if dsisinlist is used with an invalid IP address string NULL is illegal input, OpenSIPS will attempt to print a string from a random address stack garbage, which could lead to a crash. All user...

CVE-2023-28097

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...

CVE-2023-28098

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function parseparamname . This issue was discovered while performing coverag...

CVE-2023-28097

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...

Design/Logic Flaw

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...

Authorization

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function parseparamname . This issue was discovered while performing coverag...

Design/Logic Flaw

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, if dsisinlist is used with an invalid IP address string NULL is illegal input, OpenSIPS will attempt to print a string from a random address stack garbage, which could lead to a crash. All user...

CVE-2023-28099

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, if dsisinlist is used with an invalid IP address string NULL is illegal input, OpenSIPS will attempt to print a string from a random address stack garbage, which could lead to a crash. All user...

CVE-2023-28099 OpenSIPS has vulnerability in the ds_is_in_list() function

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, if dsisinlist is used with an invalid IP address string NULL is illegal input, OpenSIPS will attempt to print a string from a random address stack garbage, which could lead to a crash. All user...

CVE-2023-28099 OpenSIPS has vulnerability in the ds_is_in_list() function

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, if dsisinlist is used with an invalid IP address string NULL is illegal input, OpenSIPS will attempt to print a string from a random address stack garbage, which could lead to a crash. All user...

CVE-2023-28099

OpenSIPS contains a vulnerability in ds_is_in_list() when given an invalid IP string (NULL). Prior to versions 3.1.9 and 3.2.6, this can cause a crash by printing from a random stack address. The issue affects users of ds_is_in_list() where the first parameter is not the $si value. Remediation is...