digium asterisk vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-26651
An issue exists in Asterisk up to and including 19.x and Certified Asterisk up to and including 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL que...
Digium Certified Asterisk 16.8
Digium Asterisk
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8.8
CVSSv3
CVE-2019-18610
An issue exists in manager.c in Sangoma Asterisk up to and including 13.x, 16.x, 17.x and Certified Asterisk 13.21 up to and including 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AM...
Digium Certified Asterisk 13.21.0
Digium Asterisk
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2021-32558
An issue exists in Sangoma Asterisk 13.x prior to 13.38.3, 16.x prior to 16.19.1, 17.x prior to 17.9.4, and 18.x prior to 18.5.1, and Certified Asterisk prior to 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur...
Digium Certified Asterisk 16.8
Digium Asterisk
Debian Debian Linux 9.0
Debian Debian Linux 11.0
NA
CVE-2007-6170
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x prior to 1.4.15, 1.2.x prior to 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (...
Digium Asterisk
Digium Asterisk C.1.0
Debian Debian Linux 3.1
Debian Debian Linux 4.0
NA
CVE-2014-8416
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x prior to 12.7.1 and 13.x prior to 13.0.1, when using the res_pjsip_refer module, allows remote malicious users to cause a denial of service (crash) via an in-dialog INVITE with Replaces message,...
Digium Asterisk
7.5
CVSSv3
CVE-2018-7285
A NULL pointer access issue exists in Asterisk 15.x up to and including 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired one...
Digium Asterisk
6.5
CVSSv3
CVE-2019-15297
res_pjsip_t38 in Sangoma Asterisk 15.x prior to 15.7.4 and 16.x prior to 16.5.1 allows a malicious user to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.
Digium Asterisk
6.5
CVSSv3
CVE-2020-35652
An issue exists in res_pjsip_diversion.c in Sangoma Asterisk prior to 13.38.0, 14.x up to and including 16.x prior to 16.15.0, 17.x prior to 17.9.0, and 18.x prior to 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or w...
Digium Asterisk
6.5
CVSSv3
CVE-2020-35776
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows a remote malicious user to crash Asterisk by deliberately misusing SIP 181 responses.
Digium Asterisk
6.5
CVSSv3
CVE-2019-7251
An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and previous versions and 16.1.1 and previous versions allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.
Digium Asterisk