348 matches found
CVE-2026-0826
In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...
CVE-2026-0826
In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...
EUVD-2026-33658
In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...
CVE-2026-0826 Poly Voice – Possible Remote Control of Certain Poly Devices
In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...
CVE-2026-0826
In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...
CVE-2026-0826
In CVE-2026-0826, the issue is a stack-based buffer overflow in the Poly Voice device parser for ICE SDP attributes. When ICE is enabled, parsing the a=candidate: line copies input into a 256-byte stack buffer without length checks, enabling crafted SDP to overflow and achieve unauthenticated rem...
CVE-2026-0826 Poly Voice – Possible Remote Control of Certain Poly Devices
In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...
CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)
Overview Rapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol VoIP phone. This research resulted in the discovery of a critical unauthenticated stack-based buffer overflow vulnerability, CVE-2026-0826. A remote attacker can leverage CVE-2026-08...
CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation
One of the more persistent myths in security is that old bug classes become old problems. They don’t. They just show up in different places, under different conditions, and usually at the exact moment we’ve convinced ourselves not to pay attention to them. That’s part of what makes enterprise voi...
HP Poly Voice security vulnerabilities
HP Poly Voice is a voice communication software developed by the American company Hewlett-Packard HP. There is a security vulnerability in HP Poly Voice, which stems from a buffer overflow issue when administrators enable interactive connection establishment. This vulnerability may lead to remote...
PT-2026-45420
Name of the Vulnerable Software and Affected Versions Poly Voice VVX 150 Poly Voice VVX 250 Poly Voice VVX 350 Poly Voice VVX 450 Poly Voice Trio 8300 Poly Voice Trio 8500 Poly Voice Trio 8800 Description A stack-based buffer overflow exists in the Session Description Protocol SDP parsing process...
Poly Voice – Possible Remote Control of Certain Poly Devices
In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform. HP Poly recommends admins disable ICE connectivity when not required...
Poly Clariti Manager – May 2026 Security Update
Multiple potential security vulnerabilities have been identified on Poly Clariti Manager, on-premises management platform. These vulnerabilities are related to Berkeley Internet Name Domain BIND, which is an open-source protocol. HP has released updates to mitigate the potential vulnerabilities. ...
Canva Affinity EMF File EMR_POLYBEZIERTO Count Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2318 Canva Affinity EMF File EMRPOLYBEZIERTO Count Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-66503 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, ...
CVE-2026-0754
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...
CVE-2026-0754
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...
CVE-2026-0754 SIP Service Providers – Possible Impersonation of Poly Voice Device
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...
EUVD-2026-9270
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...
CVE-2026-0754
The CVE describes a vulnerability in Poly Voice devices where an embedded test key and certificate can be extracted via reverse engineering. If a SIP service provider does not properly validate device certificates, the extracted certificate could be accepted, enabling impersonation of the Poly Vo...
CVE-2026-0754
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...