[SECURITY] Fedora 44 Update: libre-4.8.1-1.fc44

Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack RFC 3261, SDP, RTP and RTCP, SRTP and SRTCP Secure RTP, DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O poll, epoll, select, kqueue,...

[SECURITY] Fedora 43 Update: libre-4.8.1-1.fc43

Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack RFC 3261, SDP, RTP and RTCP, SRTP and SRTCP Secure RTP, DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O poll, epoll, select, kqueue,...

Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment

Summary The Shopware Store API endpoint /store-api/handle-payment contains an object-level authorization flaw that allows a low-privileged external user with a normal customer or guest context to trigger the payment flow for another user’s order by supplying a foreign orderId. The affected...

PT-2026-46856

Summary The Shopware Store API endpoint /store-api/handle-payment contains an object-level authorization flaw that allows a low-privileged external user with a normal customer or guest context to trigger the payment flow for another user’s order by supplying a foreign orderId. The affected...

EUVD-2026-33945

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

CVE-2026-10629 CVE-2026-10629

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

PUB-A-449725859

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-7862

The CVE-2026-7862 entry concerns the Eupago Gateway For Woocommerce WordPress plugin (pre-4.7.2). The vulnerability allows unauthenticated attackers to initiate refunds against any WooCommerce order via the merchant’s payment gateway credentials, and for applicable payment methods, redirect refun...

PT-2026-43235

The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service temporary disruption of VPN-related functionality...

F5 Networks BIG-IP : BIG-IP SIP profile vulnerability (K000161023)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000161023 advisory. When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic...

CVE-2026-40423 BIG-IP SIP profile vulnerability

When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40423

CVE-2026-40423 affects BIG-IP SIP profile on a virtual server. Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate, disrupting traffic and allowing a remote, unauthenticated attacker to trigger a DoS. Impact is shown as HIGH (CVSS v3.1: 7.5) and HIGH (CVSS v4.0: 8....

PT-2026-40646

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description When a SIP Session Initiation Protocol profile is configured on a virtual server, undisclosed traffic can cause the...

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Corporation in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP, which stems from virtual servers...

EUVD-2026-29354

Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file...

CVE-2026-45362

Summary : CVE-2026-45362 affects Sangoma Switchvox prior to version 8.4, where cleartext SIP authentication credentials are stored in a backup file. What’s affected : Switchvox software (versions before 8.4). Root cause / nature : Credentials are written in cleartext in a backup file, exposing SI...

CVE-2026-45362

Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file...

Null Pointer Dereference

github.com/emiago/sipgo is vulnerable to a Null pointer dereference. The vulnerability is due to missing nil checks for the To header in the NewResponseFromRequest function, which allows an attacker to exploit it by sending a malformed SIP request without a To header and crash the application...

EUVD-2026-25597

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer bounds. This...

PJSIP 缓冲区错误漏洞

PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Versions of PJSIP 2.16 and earlier had a buffer error vulnerability, which stemmed from out-of-bounds read...