CVE Entries, Security Advisories and Bulletins
A list of flaws and vulnerabilities
Fraunhofer SIT investigates security vulnerabilities of various products and services. In order to support you in managing security risks and protecting your systems, Fraunhofer SIT publishes references to the results of this work.
This page therefore lists a selection of the CVE entries, security advisories and bulletins that Fraunhofer SIT has published so far.
Fraunhofer SIT Advisories and other security content is provided "as is" without warranty of any kind, either expressed or implied. Your use of any information contained in these publications or linked materials is at your own risk. Fraunhofer SIT reserves the right to change or update these contents at any time and without prior notice.
CVE entries publishes by Fraunhofer SIT
- CVE-2022-34294
totd 1.5.3 - CVE-2022-33993
DNRD (aka Domain Name Relay Daemon) 2.20.3 - CVE-2022-33992
DNRD (aka Domain Name Relay Daemon) 2.20.3 - CVE-2022-33991
dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. - CVE-2022-33990
dproxy-nexgen (aka dproxy nexgen) - CVE-2022-33989
dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot time) in upstream queries sent to DNS resolvers - CVE-2022-33988
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries - CVE-2021-20314
libspf2 versions below 1.2.11 - CVE-2021-3672
c-ares library before 1.17.2 - CVE-2021-22931
Node.js before 16.6.0, 14.17.4, and 12.22.4 - CVE-2021-43523
uClibc and uClibc-ng before 1.0.39 - CVE-2021-32019
OpenWrt (before 19.07.8) - CVE-2021-33195
golang (before 1.15.12 and 1.16.5) - CVE-2021-32642
radsecproxy - CVE-2021-2432
Java SE (7u301) - CVE-2019-16263
TwitterKit for iOS (all Versions) - CVE-2019-12324
Akuvox - R50P (FW 50.0.6.156) - CVE-2019-12326
Akuvox - R50P (FW 50.0.6.156) - CVE-2019-12327
Akuvox - R50P (FW 50.0.6.156) - CVE-2019-14260
Alcatel-Lucent Enterprise - 8008 Cloud Edition DeskPhone (FW 1.50.03) - CVE-2019-12328
Atcom - A10W (FW 2.6.1a2421) - CVE-2018-16216
AudioCodes - AudioCodes 405HD (FW 2.2.12) - CVE-2018-16219
AudioCodes - AudioCodes 405HD (FW 2.2.12) - CVE-2018-16220
AudioCodes - AudioCodes 405HD (FW 2.2.12) - CVE-2018-19977
Auerswald - COMfortel 1200 IP (FW 3.4.4.1-10589) - CVE-2018-19978
Auerswald - COMfortel 1200 IP (FW 3.4.4.1-10589) - CVE-2018-18871
Gigaset - Maxwell Basic (FW 2.22.7) - CVE-2019-12325
Htek - UC902 (FW 2.0.4.4.46) - CVE-2019-14259
Obihai - Obi1022 (FW 5.1.11) - CVE-2018-16217
Yealink - Ultra-elegant IP Phone SIP-T41P (FW 66.83.035) - CVE-2018-16218
Yealink - Ultra-elegant IP Phone SIP-T41P (FW 66.83.035) - CVE-2018-16221
Yealink - Ultra-elegant IP Phone SIP-T41P (FW 66.83.035)
Security Advisories
- Akuvox
R50P (FW 50.0.6.156) (PDF, 358 KB) - Alcatel-Lucent Enterprise
8008 Cloud Edition DeskPhone (FW 1.50.03) (PDF, 356 KB) - Atcom
A10W (FW 2.6.1a2421) (PDF, 290 KB) - AudioCodes
AudioCodes 405HD (FW 2.2.12) (PDF, 356 KB) - Auerswald
COMfortel 1200 IP (FW 3.4.4.1-10589) (PDF, 424 KB) - Gigaset
Maxwell Basic (FW 2.22.7) (PDF, 353 KB) - Htek
UC90 (FW 2.0.4.4.46) (PDF, 358 KB) - Obihai
Obi1022 (FW 5.1.11) (PDF, 315 KB) - Twitter
TwitterKit for iOS (all Versions) (PDF, 342 KB) - Unify
OpenScape CP200 (FW V1 R3.8.10) (PDF, 469 KB) - Yealink
Ultra-elegant IP Phone SIP-T41P (FW 66.83.035) (PDF, 364 KB)
Contact
Dr. Jens Heider
Head of Testlab Mobile Security
64295 Darmstadt