CVSS: 7.5EPSS: 20%CPEs: 1EXPL: 3CVE-2007-5636 – Nortel Networks UNIStim IP SoftPhone 2050 - RTCP Port Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-5636
Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via a flood of invalid characters to the RTCP port (5678/udp) that triggers a Windows error message, aka "extraneous messaging." Desbordamiento de búfer en Nortel UNIStim IP Softphone 2050 permite a atacantes remotos provocar denegación de servicio (abortar aplicación) y posiblemente ejecutar código de su elección a través de una inundación de carácteres no válidos en el puerto RTCP (5678/udp) que dispara un mensaje de error Windows, también conocido como "mensaje extraño". • https://www.exploit-db.com/exploits/30678 http://osvdb.org/38521 http://secunia.com/advisories/27252 http://securityreason.com/securityalert/3271 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=655203 http://www.csnc.ch/static/advisory/csnc/nortel_UNIStim_IP_softphone_buffer-overflow_v1.0.txt http://www.securityfocus.com/archive/1/482476/100/0/threaded http://www.securityfocus.com/bid/26118 http://www.vupen.com/english/advisories/2007/3540 https://exchange.xforce&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 5%CPEs: 10EXPL: 0CVE-2007-5591
https://notcve.org/view.php?id=CVE-2007-5591
The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service (telephony application outage) via a flood of packets to Embedded LAN (ELAN) ports. El servidor de señalización CS1000 en Nortel Enterprise VoIP-Core-CS 1000M Chasis/Cabinet, Enterprise VoIP-Core-CS 1000E y 1000S, Meridian-Core-Option 11C Chassis and Cabinet, y Meridian-Core-Option 51C, 61C y 81C, permite a atacantes remotos causar una denegación de servicio (interrupción de la aplicación de telefonía) por medio de una inundación de paquetes hacia puertos Embedded LAN (ELAN). • http://osvdb.org/41799 http://secunia.com/advisories/27282 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=655204 http://www.csnc.ch/static/advisory/csnc/nortel_telephony_server_denial_of_service_v1.0.txt http://www.securityfocus.com/archive/1/482484/100/0/threaded http://www.securityfocus.com/bid/26113 http://www.vupen.com/english/advisories/2007/3536 http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022871-01.pdf https://exchange.xforce.ibmcloud&# •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3438
https://notcve.org/view.php?id=CVE-2007-3438
Buffer overflow in the SIP header parsing module in the Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to execute arbitrary code via a malformed message, a different vulnerability than CVE-2007-3361. Desbordamiento de búfer en el módulo de análisis sintáctico de cabeceras SIP de Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] permite a atacantes remotos ejecutar código de su elección mediante un mensaje mal formado, una vulnerabilidad diferente de CVE-2007-3361. • http://osvdb.org/45429 http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=297& •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-3361
https://notcve.org/view.php?id=CVE-2007-3361
The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to cause a denial of service (device crash) via a SIP message with a malformed header. El software de teléfono SIP Nortel PC Client 4.1 3.5.208[20051015] permite a atacantes remotos provocar una denegación de servicio (cuelgue de dispositivo) mediante un mensajes SIP con cabecera malformada. • http://osvdb.org/37498 http://secunia.com/advisories/25782 http://www.securityfocus.com/bid/24536 http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=298& http://www.vupen.com/english/advisories/2007/2319 https://exchange.xforce.ibmcloud.com/vulnerabilities/35154 •
CVSS: 5.0EPSS: 6%CPEs: 6EXPL: 0CVE-2007-2886
https://notcve.org/view.php?id=CVE-2007-2886
Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors. Vulnerabilidad no especificada en la tarjeta Nortel CS 1000 M en Enterprise VoIP-Core-CS 1000E, 1000M, y 1000S 04.50W anterior al 23/05/2007 en Meridian/CS 1000 permite a atacantes remotos provocar una denegación de servicio (cuelgue de la tarjeta) a través de vectores no especificados. • http://osvdb.org/36525 http://secunia.com/advisories/25409 http://www.securityfocus.com/bid/24131 http://www.securitytracker.com/id?1018128 http://www.vupen.com/english/advisories/2007/1927 http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/21/022325-01.pdf http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=58493 https://exchange.xforce.ibmcloud.com/vulnerabilities/34480 •