24 matches found
PT-2026-31442
Name of the Vulnerable Software and Affected Versions Kamailio versions prior to 6.1.1, prior to 6.0.6, and prior to 5.8.8 Description Kamailio, an open source SIP Signaling Server, contains a flaw where a specially crafted data packet sent over TCP can lead to a denial of service process crash...
EUVD-2026-12109
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle MitM attacker can intercept or redirect the NAT tunnel establishment. This could...
CVE-2026-24935
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle MitM attacker can intercept or redirect the NAT tunnel establishment. This could...
CVE-2026-24935
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle MitM attacker can intercept or redirect the NAT tunnel establishment. This could...
CVE-2026-24935
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle MitM attacker can intercept or redirect the NAT tunnel establishment. This could...
EUVD-2026-5286
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle MitM attacker can intercept or redirect the NAT tunnel establishment. This could...
CVE-2026-24935
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle MitM attacker can intercept or redirect the NAT tunnel establishment. This could...
CVE-2026-24935 An improper certificate validation vulnerability was found in a third-party NAT traversal module.
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle MitM attacker can intercept or redirect the NAT tunnel establishment. This could...
CVE-2026-24935
CVE-2026-24935: A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server, enabling a MitM attacker to intercept or redirect the NAT tunnel establishment. This vulnerability could disrupt service availability or enable targeted attacks by ac...
CVE-2026-24935 An improper certificate validation vulnerability was found in a third-party NAT traversal module.
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle MitM attacker can intercept or redirect the NAT tunnel establishment. This could...
PT-2026-5767
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle MitM attacker can intercept or redirect the NAT tunnel establishment. This could...
nvidia-live-translation-poc
NVIDIA Live Translation with Lip-Sync POC Real-time voice tra...
EUVD-2007-5566
Malware in sbrugna...
Nortel CS Signaling Server Default Admin Credentials
The remote device is a Nortel CS Signaling Server that uses a set of known, default credentials. Knowing these, an attacker able to connect to the service can gain complete control of the device. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid72600;...
Hardcoded credentials
Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 CS1K 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges...
Code injection
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel IP Phone, Mobile Voice Client, and WLAN Handsets products allow remote attackers to cause a denial of service device hang via a flood of Mute and UnMute messages that have a spoofed source IP address for the Signaling Server...
Design/Logic Flaw
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager BCM, Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server...
CVE-2007-5640
The CVE-2007-5640 issue affects Nortel UNIStim products (e.g., UNIStim IP Softphone 2050, IP Phone 1140E and related lines such as BCM and Mobile Voice Client). A resume message to the Signaling Server with a spoofed source IP can allow remote attackers to block calls and force re-registration; t...
Nortel IP Phone forced re-authentication
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: IP Phone Vendor: Nortel Subject: IP Phone forced re-authentication Risk: High Effect: Currently exploitable Author: Daniel Stirnimann daniel.stirnimann at csnc dot ch Date: October, 18th 2007 Introduction: ------------- The UNIStim...
Code injection
The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service telephony application outage...