Lucene search
+L

576 matches found

susecve
susecve
added 2026/04/03 11:27 p.m.8 views

SUSE CVE-2026-23457

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix Content-Length u32 truncation in siphelptcp siphelptcp parses the SIP Content-Length header with simplestrtoul, which returns unsigned long, but stores the result in unsigned int clen. On 64-bit...

5.3CVSS5.7AI score0.00433EPSS
Exploits0References17
ptsecurity
ptsecurity
added 2026/04/03 12:0 a.m.8 views

PT-2026-30151

Name of the Vulnerable Software and Affected Versions The Linux kernel affected versions not specified Description A flaw exists in the sip help tcp function within the netfilter module. This function parses the SIP Content-Length header using simple strtoul, which returns an unsigned long, but...

8.6CVSS5.3AI score0.00433EPSS
Exploits0References497
nessus
nessus
added 2026/03/25 12:0 a.m.6 views

Ubuntu 16.04 LTS / 18.04 LTS : PJSIP vulnerabilities (USN-8122-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8122-1 advisory. Youngsung Kim discovered that PJSIP did not properly parse numeric header fields in SIP messages. A remote attacker could use this issue to...

9.8CVSS6.2AI score0.0462EPSS
Exploits4References15
nvd
nvd
added 2026/03/20 9:16 a.m.9 views

CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...

7.5CVSS0.0026EPSS
Exploits0References2
osv
osv
added 2026/03/20 9:16 a.m.6 views

ALPINE-CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...

7.5CVSS5.6AI score0.0026EPSS
Exploits0References1
osv
osv
added 2026/03/20 9:16 a.m.4 views

DEBIAN-CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...

7.5CVSS5.6AI score0.0026EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/03/20 8:21 a.m.2 views

CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...

6.9CVSS6AI score0.0026EPSS
Exploits0References3Affected Software1
cve
cve
added 2026/03/20 8:21 a.m.31 views

CVE-2026-33069

PJSIP versions 2.16 and earlier are affected by a cascading out-of-bounds heap read in pjsip_multipart_parse(), where after boundary matching curptr is advanced past the delimiter without ensuring it is within the buffer, allowing 1–2 bytes of adjacent heap memory to be read. This affects applica...

7.5CVSS6AI score0.0026EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/03/03 12:48 a.m.9 views

EUVD-2026-9270

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

8.2CVSS5.9AI score0.00098EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/03 12:48 a.m.4 views

CVE-2026-0754 SIP Service Providers – Possible Impersonation of Poly Voice Device

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

8.2CVSS5.9AI score0.00098EPSS
Exploits0References1
cvelist
cvelist
added 2026/03/03 12:48 a.m.38 views

CVE-2026-0754 SIP Service Providers – Possible Impersonation of Poly Voice Device

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

8.2CVSS0.00098EPSS
Exploits0References1
cve
cve
added 2026/03/03 12:48 a.m.27 views

CVE-2026-0754

The CVE describes a vulnerability in Poly Voice devices where an embedded test key and certificate can be extracted via reverse engineering. If a SIP service provider does not properly validate device certificates, the extracted certificate could be accepted, enabling impersonation of the Poly Vo...

8.2CVSS5.9AI score0.00098EPSS
Exploits0References1
metasploit
metasploit
added 2026/02/24 6:58 p.m.264 views

GrandStream GXP1600 proxy SIP traffic

This capture module works against Grandstream GXP1600 series VoIP devices and can reconfigure the device to use an arbitrary SIP proxy. You can first leverage the exploit/linux/http/grandstreamgxp1600unauthrce exploit module to get a root session on a target GXP1600 series device before running...

5.9AI score
Exploits0
rapid7blog
rapid7blog
added 2026/02/18 2:15 p.m.12 views

The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP

I don’t know about you, but when I think about “critical vulnerabilities,” I usually picture ransomware, data theft, or maybe a server falling over at 2 a.m. while someone frantically searches Slack for the last good backup. What I don’t picture is a scene straight out of a Cold War spy film...

9.8CVSS6.7AI score0.40014EPSS
Exploits2
osv
osv
added 2026/02/11 9:16 p.m.7 views

ALPINE-CVE-2026-25994

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames...

9.8CVSS8.1AI score0.01927EPSS
Exploits3References1
ptsecurity
ptsecurity
added 2026/02/11 12:0 a.m.9 views

PT-2026-7669

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...

9.8CVSS5.7AI score0.04428EPSS
Exploits1References5
redhatcve
redhatcve
added 2026/01/30 9:23 p.m.6 views

CVE-2025-15542

Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls...

6.3CVSS5.9AI score0.00252EPSS
Exploits0References1
osv
osv
added 2026/01/29 7:16 p.m.8 views

CVE-2025-15542

Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls...

5.3CVSS5.8AI score0.00252EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/01/29 6:6 p.m.5 views

CVE-2025-15542 Denial of Service (DoS) of VoIP Communication on TP-Link VX800v

Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls...

6.3CVSS5.9AI score0.00252EPSS
Exploits0References2
cvelist
cvelist
added 2026/01/29 6:6 p.m.30 views

CVE-2025-15542 Denial of Service (DoS) of VoIP Communication on TP-Link VX800v

Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls...

6.3CVSS0.00252EPSS
Exploits0References2
Rows per page
Query Builder