21 matches found
EUVD-2011-3972
Malware in sbrugna...
CVE-2011-4019
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager CUCM 7.x, allows remote attackers to cause a denial of service memory consumption via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883...
Design/Logic Flaw
media-server v1.0.0 was discovered to contain a Use-After-Free UAF vulnerability via the sipsubscriberemove function at /uac/sip-uac-subscribe.c...
media-server security vulnerability
media-server is a library from Chen's personal developer. A security vulnerability exists in media-server v1.0.0, which was discovered via the sipsubscriberemove function in /uac/sip-uac-subscribe.c to contain a memory reuse after release vulnerability...
CVE-2024-24260
media-server v1.0.0 was discovered to contain a Use-After-Free UAF vulnerability via the sipsubscriberemove function at /uac/sip-uac-subscribe.c...
PT-2024-20329 · Unknown · Mediaserver
Name of the Vulnerable Software and Affected Versions: media-server version 1.0.0 Description: The issue is related to a Use-After-Free UAF vulnerability. This vulnerability occurs when the sip subscribe remove function is used. The UAF vulnerability is a type of memory corruption bug that can...
Design/Logic Flaw
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse...
CVE-2021-41157 FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse...
FreeSWITCH 1.10.5 SIP SUBSCRIBE Missing Authentication Exploit
FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-08-freeswitch-SIP-SUBSCRIBE-without-auth - Vendor Security Advisory:...
FreeSWITCH 1.10.5 SIP SUBSCRIBE Missing Authentication
FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-08-freeswitch-SIP-SUBSCRIBE-without-auth - Vendor Security Advisory:...
Digium Asterisk Out-of-Bounds Write (CVE-2018-7284)
An out-of-bounds write vulnerability exists in Asterisk. The vulnerability is due to improper processing of SIP SUBSCRIBE requests. Successful exploitation would result in a denial of service condition...
Digium Asterisk res_pjsip_pubsub Module SIP SUBSCRIBE Type Confusion Denial of Service (CVE-2014-6609)
A denial of service vulnerability exists in Asterisk Open Source. The vulnerability is due to the way SIP SUBSCRIBE requests with unexpected mixes of headers for a given event package are handled. Remote, unauthenticated attackers could exploit this vulnerability by sending malformed SIP SUBSCRIB...
CVE-2014-6609
The respjsippubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service crash via crafted headers in a SIP SUBSCRIBE request for an event package...
CVE-2014-6609
The respjsippubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service crash via crafted headers in a SIP SUBSCRIBE request for an event package...
CVE-2014-6609
The respjsippubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service crash via crafted headers in a SIP SUBSCRIBE request for an event package...
CVE-2011-4019
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager CUCM 7.x, allows remote attackers to cause a denial of service memory consumption via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883...
Memory corruption
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager CUCM 7.x, allows remote attackers to cause a denial of service memory consumption via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883...
CVE-2011-4019
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager CUCM 7.x, allows remote attackers to cause a denial of service memory consumption via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883...
CVE-2011-4019
CVE-2011-4019 affects Cisco IOS 12.4 and 15.0–15.2, and Cisco Unified Communications Manager (CUCM) 7.x. The issue is a memory leak that allows remote attackers to cause denial of service by sending a crafted SIP SUBSCRIBE response. Root cause is a vulnerability in handling SIP SUBSCRIBE messages...
Code injection
The Presence Engine PE service in Cisco Unified Presence 6.x before 6.07 and 7.x before 7.08 does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service process failure via a malformed message, aka Bug ID...