Lucene search
K

675 matches found

CVE
CVE
added 2026/05/13 2:12 p.m.19 views

CVE-2026-40423

CVE-2026-40423 affects BIG-IP SIP profile on a virtual server. Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate, disrupting traffic and allowing a remote, unauthenticated attacker to trigger a DoS. Impact is shown as HIGH (CVSS v3.1: 7.5) and HIGH (CVSS v4.0: 8....

8.7CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software21
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Corporation in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP, which stems from virtual servers...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40646

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description When a SIP Session Initiation Protocol profile is configured on a virtual server, undisclosed traffic can cause the...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 3:31 a.m.13 views

EUVD-2026-29354

Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file...

3.2CVSS5.8AI score0.00095EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/12 12:40 a.m.10 views

CVE-2026-45362

Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file...

3.2CVSS5.8AI score0.00095EPSS
Exploits0References3
CVE
CVE
added 2026/05/12 12:40 a.m.17 views

CVE-2026-45362

Summary : CVE-2026-45362 affects Sangoma Switchvox prior to version 8.4, where cleartext SIP authentication credentials are stored in a backup file. What’s affected : Switchvox software (versions before 8.4). Root cause / nature : Credentials are written in cleartext in a backup file, exposing SI...

3.2CVSS5.8AI score0.00095EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/30 6:14 a.m.8 views

Null Pointer Dereference

github.com/emiago/sipgo is vulnerable to a Null pointer dereference. The vulnerability is due to missing nil checks for the To header in the NewResponseFromRequest function, which allows an attacker to exploit it by sending a malformed SIP request without a To header and crash the application...

8.7CVSS7.7AI score0.00487EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/24 6:38 p.m.8 views

EUVD-2026-25597

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer bounds. This...

8.8CVSS5.4AI score0.00308EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.8 views

PJSIP 缓冲区错误漏洞

PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Versions of PJSIP 2.16 and earlier had a buffer error vulnerability, which stemmed from out-of-bounds read...

9.1CVSS6AI score0.00308EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/04/14 8:2 a.m.6 views

netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp

...

7.8CVSS6.2AI score0.00115EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/04/13 1:40 p.m.5 views

CVE-2026-31427

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix use of uninitialized rtpaddr in processsdp processsdp declares union nfinetaddr rtpaddr on the stack and passes it to the nfnatsip sdpsession hook after walking the SDP media descriptions. However...

5.5CVSS5.2AI score0.00115EPSS
Exploits0
NVD
NVD
added 2026/04/08 8:16 p.m.7 views

CVE-2026-39864

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted SIP packet if a successful user...

4.9CVSS0.00301EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/08 8:16 p.m.9 views

CVE-2026-39864

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted SIP packet if a successful user...

4.9CVSS5.8AI score0.00301EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/08 7:58 p.m.5 views

CVE-2026-39864 Kamailio Auth: Processing Vulnerability For Additional Authenticated User Identity Checks

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted SIP packet if a successful user...

4.4CVSS6AI score0.00301EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/08 7:58 p.m.4 views

CVE-2026-39864

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted SIP packet if a successful user...

4.9CVSS5.5AI score0.00301EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/04/07 12:54 a.m.131 views

Exploit for Classic Buffer Overflow in Pjsip

CVE-2026-25994 – PJNATH ICE Stack Buffer Overflow pjsip ≤ 2.16...

9.8CVSS7.8AI score0.01927EPSS
Exploits3
SUSE CVE
SUSE CVE
added 2026/04/03 11:27 p.m.7 views

SUSE CVE-2026-23457

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix Content-Length u32 truncation in siphelptcp siphelptcp parses the SIP Content-Length header with simplestrtoul, which returns unsigned long, but stores the result in unsigned int clen. On 64-bit...

5.3CVSS5.7AI score0.00375EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.8 views

PT-2026-30151

Name of the Vulnerable Software and Affected Versions The Linux kernel affected versions not specified Description A flaw exists in the sip help tcp function within the netfilter module. This function parses the SIP Content-Length header using simple strtoul, which returns an unsigned long, but...

8.6CVSS5.3AI score0.00375EPSS
Exploits0References497
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.5 views

Ubuntu 16.04 LTS / 18.04 LTS : PJSIP vulnerabilities (USN-8122-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8122-1 advisory. Youngsung Kim discovered that PJSIP did not properly parse numeric header fields in SIP messages. A remote attacker could use this issue to...

9.8CVSS6.2AI score0.0462EPSS
Exploits4References15
NVD
NVD
added 2026/03/20 9:16 a.m.7 views

CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...

7.5CVSS0.0026EPSS
Exploits0References2
Rows per page
Query Builder