EUVD-2026-18712

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodeint CONS case In decodeint, the CONS case calls getbitsbs, 2 to read a length value, then calls getuintbs, len without checking that len bytes remain in the buffer. The existing...

EUVD-2025-204762

Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical...

CVE-2025-65856

The CVE-2025-65856 entry concerns Xiongmai XM530 IP cameras running firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The vulnerability is an authentication bypass in the ONVIF implementation that fails to enforce authentication on 31 endpoints, allowing unauthenticated remote access to sen...

CVE-2025-8065

A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a crafted SOAP reque...

CVE-2023-53773

MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tvaction.sh script that allows remote attackers to generate live stream snapshots through the Simple VDR Protocol. Attackers can request /tpl/tvaction.sh to create and retrieve a live TV screenshot stored in /var/www/images/tv.jpg...

CVE-2023-53773

MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that lets remote attackers trigger the Simple VDR Protocol to generate a live TV screenshot stored at /var/www/images/tv.jpg via the /tpl/tv_action.sh endpoint without authentication. This affects the component ...

CVE-2025-0079

In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-51625

D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this...

SUSE CVE-2020-15472

In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpisearchh323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short...

PT-2022-18704 · Pexip · Pexip Infinity

Name of the Vulnerable Software and Affected Versions: Pexip Infinity versions prior to 27.3 Description: The issue allows remote attackers to trigger a software abort via H.323. Recommendations: For versions prior to 27.3, update to version 27.3 or later to resolve the issue...

CVE-2018-20051

Mishandling of '' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service crash and reboot via certain ONVIF methods such as CreateUsers, SetImagingSettings, GetStreamUri, and so on...

Huawei H323 protocol read out-of-bounds vulnerability in various products

AR120-S, AR1200, DP300, RSE6500, Secospace USG6300, ViewPoint 8660 are all network equipment from Huawei China. A read out-of-bounds vulnerability exists in the H323 protocol of several Huawei products, which allows an attacker to send messages containing special parameters to the affected device...

CVE-2017-6763

A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server CMS 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected system. The vulnerability exists because the affected application does not properly validate...

PT-2017-1003 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an out-of-bounds memory write flaw in the Linux kernel's Voice Over IP H.323 connection tracking functionality when handling connections on ipv6 port 1720. This...