Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
freeswitch freeswitch vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-7392
Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH prior to 1.4.23 and 1.6.x prior to 1.6.2 allows remote malicious users to execute arbitrary code via a trailing \u in a json string to cJSON_Parse.
Freeswitch Freeswitch 1.6.0
Freeswitch Freeswitch
7.5
CVSSv3
CVE-2021-41145
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When flo...
Freeswitch Freeswitch
7.5
CVSSv3
CVE-2021-41105
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls ...
Freeswitch Freeswitch
5.3
CVSSv3
CVE-2021-41157
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of ...
Freeswitch Freeswitch
2 Github repositories
7.5
CVSSv3
CVE-2021-41158
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and ...
Freeswitch Freeswitch
9.8
CVSSv3
CVE-2019-19492
FreeSWITCH 1.6.10 up to and including 1.10.1 has a default password in event_socket.conf.xml.
Freeswitch Freeswitch
3 Github repositories
7.5
CVSSv3
CVE-2023-40018
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offeri...
Freeswitch Freeswitch
6.5
CVSSv3
CVE-2023-40019
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack ...
Freeswitch Freeswitch
5.9
CVSSv3
CVE-2023-51443
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to D...
Freeswitch Freeswitch
7.5
CVSSv3
CVE-2018-19911
FreeSWITCH up to and including 1.8.2, when mod_xml_rpc is enabled, allows remote malicious users to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This...
Freeswitch Freeswitch
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »