Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
asterisk open source vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-42706
An issue exists in Sangoma Asterisk up to and including 16.28, 17 and 18 up to and including 18.14, 19 up to and including 19.6, and certified up to and including 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the ...
Sangoma Asterisk
Sangoma Certified Asterisk 18.9
Sangoma Certified Asterisk
Sangoma Asterisk 20.0.0
NA
CVE-2022-39244
PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP before 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This is...
Pjsip Pjsip
NA
CVE-2022-39269
PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts al...
Pjsip Pjsip
NA
CVE-2021-46837
res_pjsip_t38 in Sangoma Asterisk 16.x prior to 16.16.2, 17.x prior to 17.9.3, and 18.x prior to 18.2.2, and Certified Asterisk prior to 16.8-cert7, allows an malicious user to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by...
Asterisk Certified Asterisk 16.8.0
Digium Asterisk
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.8
CVSSv2
CVE-2022-31031
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use ST...
Teluu Pjsip
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.3
CVSSv2
CVE-2022-24792
PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chu...
Teluu Pjsip
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
5
CVSSv2
CVE-2022-26498
An issue exists in Asterisk up to and including 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, an...
Digium Asterisk
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.4
CVSSv2
CVE-2022-26499
An SSRF issue exists in Asterisk up to and including 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
Digium Asterisk
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv2
CVE-2022-26651
An issue exists in Asterisk up to and including 19.x and Certified Asterisk up to and including 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL que...
Digium Certified Asterisk 16.8
Digium Asterisk
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv2
CVE-2022-24786
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A p...
Pjsip Pjsip
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »