4454 matches found
Vulnerabilities found in Juniper Networks’ Junos OS and Junos OS Evolved
Juniper has identified several vulnerabilities in Junos OS and Junos OS Evolved, specifically related to devices in the MX Series, PTX Series, QFX Series, EX Series, SRX Series, and QFX10000 Series. These vulnerabilities affect various components of Junos OS and Junos OS Evolved, including the...
Mitel 6000 - OS Command Injection
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient paramete...
EUVD-2026-42714
An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS.If the SIP ALG is enabled on an affected device, the...
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-2595)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Input: alps - fix use-after-free bugs caused by dev3registerworkCVE-2025-68822 ext4: reject mount if bigalloc with sfirstdatablock !=...
CVE-2026-57026
An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS.If the SIP ALG is enabled on an affected device, the...
Juniper Junos OS Vulnerability (JSA110086)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA110086 advisory. - An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an...
EUVD-2026-41452
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-6947. This issue affects Fireware OS 12.0 up to and...
CVE-2026-13377
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-6947. This issue affects Fireware OS 12.0 up to and...
CVE-2026-13377
WatchGuard Fireware OS SIP Proxy module is affected by a Stored XSS via improper input neutralization during web page generation. The vulnerability affects Fireware OS versions 12.0–12.12, 12.5–12.5.18, and 2025.1–2026.2. Root cause: improper sanitization in the SIP Proxy configuration web interf...
CVE-2026-13377
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-6947. This issue affects Fireware OS 12.0 up to and...
PT-2026-55333
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-6947. This issue affects Fireware OS 12.0 up to and...
CVE-2026-52986
A flaw was found in the Linux kernel's netfilter SIP Session Initiation Protocol connection tracking module. This vulnerability, caused by unsafe port parsing, allows a remote attacker to send specially crafted malformed packets. Such packets could lead to excessive resource consumption,...
Linux Distros Unpatched Vulnerability : CVE-2026-52986
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nfconntracksip: don't use simplestrtoul Replace unsafe port parsing in epaddrlen, ctsipparseheaderuri, and ctsipparserequest with a new sipparseport...
EUVD-2026-38854
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: don't use simplestrtoul Replace unsafe port parsing in epaddrlen, ctsipparseheaderuri, and ctsipparserequest with a new sipparseport helper that validates each digit against the buffer limit, eliminatin...
CVE-2026-52986
The CVE-2026-52986 issue affects the Linux kernel netfilter nf_conntrack_sip module, where unsafe port parsing on non-NUL-terminated data allowed malformed SIP packets to affect conntrack processing. The fix introduces a dedicated sip_parse_port() that validates each digit against the buffer limi...
CVE-2026-52986 netfilter: nf_conntrack_sip: don't use simple_strtoul
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: don't use simplestrtoul Replace unsafe port parsing in epaddrlen, ctsipparseheaderuri, and ctsipparserequest with a new sipparseport helper that validates each digit against the buffer limit, eliminatin...
CVE-2026-52986 netfilter: nf_conntrack_sip: don't use simple_strtoul
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: don't use simplestrtoul Replace unsafe port parsing in epaddrlen, ctsipparseheaderuri, and ctsipparserequest with a new sipparseport helper that validates each digit against the buffer limit, eliminatin...
PT-2026-51880
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter nf conntrack sip module due to unsafe port parsing. The system used the simple strtoul function, which assumes strings are NUL-terminated, on...
CVE-2026-0154
CVE-2026-0154 affects the Modem component and describes a memory corruption issue triggered by a SIP REFER request that could enable remote code execution with no additional privileges and without user interaction. The connected documents consistently state this is a Modem/SIP REFER memory corrup...
CVE-2026-0154
In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...