Lucene search
+L

193 matches found

EUVD
EUVD
added 2026/07/07 3:37 p.m.10 views

EUVD-2026-42051

A logic vulnerability was found in GStreamer's webrtcbin component. The checksdpcrypto function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attack...

3.7CVSS6AI score0.0015EPSS
Exploits0References4
CVE
CVE
added 2026/07/07 3:37 p.m.18 views

CVE-2026-14935

GStreamer webrtcbin contains a logic flaw in _check_sdp_crypto(): an inverted presence check allows remote SDP offers/answers without the a=fingerprint attribute, while rejecting ones that include it. This could let an attacker intercepting WebRTC signaling bypass the SDP-level DTLS certificate f...

3.7CVSS6AI score0.0015EPSS
Exploits0References4
Snyk
Snyk
added 2026/07/07 3:25 p.m.8 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the checksdpcrypto function due to an inverted boolean condition. An attacker can weaken the binding between DTLS certificates and SDP by intercepting and modifying WebRTC signaling...

6.3CVSS6.1AI score0.0015EPSS
Exploits0References2
Metasploit
Metasploit
added 2026/06/18 7:1 p.m.186 views

HP Poly Voice Unauthenticated Remote Code Execution

CVE-2026-0826 is a critical unauthenticated stack-based buffer overflow vulnerability affecting all models in the VVX series VVX 150, VVX 250, VVX 350, and VVX 450, as well as three models from the Trio IP Conference series Trio 8800, Trio 8500, and Trio 8300. A remote attacker can leverage...

9.2CVSS6.9AI score0.24469EPSS
Exploits3
Rapid7 Blog
Rapid7 Blog
added 2026/06/01 1:0 p.m.31 views

CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)

Overview Rapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol VoIP phone. This research resulted in the discovery of a critical unauthenticated stack-based buffer overflow vulnerability, CVE-2026-0826. A remote attacker can leverage CVE-2026-08...

9.2CVSS7.1AI score0.24469EPSS
Exploits3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Wireshark

The SDP protocol dissector in Wireshark versions 4.6.0 to 4.6.4 allows for a denial of service attack...

7.5CVSS5.8AI score0.00206EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.17 views

CVE-2026-38740

Foscam VD1 Video Doorbell before V5.3.131072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol SDP, including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can...

5.3CVSS5.9AI score0.00131EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 7:16 p.m.19 views

CVE-2026-38740

Foscam VD1 Video Doorbell before V5.3.131072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol SDP, including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can...

5.3CVSS0.00131EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 12:0 a.m.9 views

CVE-2026-38740

Foscam VD1 Video Doorbell before V5.3.131072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol SDP, including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can...

5.9AI score0.00131EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 12:0 a.m.35 views

CVE-2026-38740

Foscam VD1 Video Doorbell before V5.3.131072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol SDP, including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can...

0.00131EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Foscam VD1 Video Doorbell 安全漏洞

The Foscam VD1 Video Doorbell is a smart video doorbell from the American company Foscam, capable of supporting high-definition video surveillance and two-way voice communication. Versions of the Foscam VD1 Video Doorbell prior to V5.3.131072 contained security vulnerabilities. These...

5.3CVSS5.8AI score0.00131EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 12:0 a.m.22 views

CVE-2026-38740

CVE-2026-38740 affects the Foscam VD1 Video Doorbell (pre‑V5.3.13_1072). The root cause is cleartext transmission of sensitive SDP data, including ICE credentials and candidates, exposed over network interfaces. An attacker with network visibility can intercept these credentials to hijack media s...

5.3CVSS5.9AI score0.00131EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 9:49 a.m.20 views

CVE-2026-5655

A flaw was found in Wireshark. A local user could be tricked into opening a specially crafted capture file containing Session Description Protocol SDP data. Processing this malicious data could lead to a crash in the SDP protocol dissector, resulting in a denial of service for the application...

7.5CVSS5.7AI score0.00206EPSS
Exploits1References5
OSV
OSV
added 2026/04/30 7:16 a.m.11 views

UBUNTU-CVE-2026-5655

SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service...

7.5CVSS5.8AI score0.00206EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/30 5:38 a.m.7 views

EUVD-2026-26325

SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service...

5.5CVSS5.2AI score0.00206EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/30 5:38 a.m.8 views

CVE-2026-5655 Use After Free in Wireshark

SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service...

5.5CVSS5.2AI score0.00206EPSS
Exploits1References2
OSV
OSV
added 2026/04/30 5:38 a.m.3 views

CVE-2026-5655 Use After Free in Wireshark

SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service...

5.5CVSS6.6AI score0.00206EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/04/30 12:0 a.m.6 views

CVE-2026-5655

SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service...

7.5CVSS5.8AI score0.00206EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.14 views

Wireshark 资源管理错误漏洞

Wireshark is a set of network packet analysis tools developed by the Wireshark team. The software’s function is to capture network packets and display detailed data for analysis. Versions of Wireshark from 4.6.0 to 4.6.4 contained a resource management vulnerability, which was caused by a crash i...

7.5CVSS5.8AI score0.00206EPSS
Exploits1References1
Kaspersky
Kaspersky
added 2026/04/29 12:0 a.m.12 views

KLA91017 Multiple vulnerabilities in Wireshark

Multiple vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Heap overflow vulnerability in TLS protocol dissector can be exploited to cause denial of service...

5.5CVSS6.4AI score0.00181EPSS
Exploits2References7
Rows per page
Query Builder