Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
digium asterisk vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-26712
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated malicious user to prematurely terminate secure calls by replaying SRTP packets.
Digium Asterisk
Digium Certified Asterisk 16.8
5
CVSSv2
CVE-2021-26717
An issue exists in Sangoma Asterisk 16.x prior to 16.16.1, 17.x prior to 17.9.2, and 18.x prior to 18.2.1 and Certified Asterisk prior to 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in t...
Digium Asterisk
Digium Certified Asterisk 16.8
4.3
CVSSv2
CVE-2021-26906
An issue exists in res_pjsip_session.c in Digium Asterisk up to and including 13.38.1; 14.x, 15.x, and 16.x up to and including 16.16.0; 17.x up to and including 17.9.1; and 18.x up to and including 18.2.0, and Certified Asterisk up to and including 16.8-cert5. An SDP negotiation...
Digium Asterisk
Digium Certified Asterisk 16.8
4.3
CVSSv2
CVE-2020-35776
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote malicious user to crash Asterisk by deliberately misusing SIP 181 responses.
Digium Asterisk
4
CVSSv2
CVE-2020-35652
An issue exists in res_pjsip_diversion.c in Sangoma Asterisk prior to 13.38.0, 14.x up to and including 16.x prior to 16.15.0, 17.x prior to 17.9.0, and 18.x prior to 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or w...
Digium Asterisk
2.1
CVSSv2
CVE-2020-28327
A res_pjsip_session crash exists in Asterisk Open Source 13.x prior to 13.37.1, 16.x prior to 16.14.1, 17.x prior to 17.8.1, and 18.x prior to 18.0.1. and Certified Asterisk prior to 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or...
Asterisk Open Source
Digium Certified Asterisk 16.8
9
CVSSv2
CVE-2019-18610
An issue exists in manager.c in Sangoma Asterisk up to and including 13.x, 16.x, 17.x and Certified Asterisk 13.21 up to and including 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AM...
Digium Certified Asterisk 13.21.0
Digium Asterisk
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5.8
CVSSv2
CVE-2019-18790
An issue exists in channels/chan_sip.c in Sangoma Asterisk 13.x prior to 13.29.2, 16.x prior to 16.6.2, and 17.x prior to 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not nee...
Digium Certified Asterisk 13.21.0
Digium Asterisk
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5
CVSSv2
CVE-2019-18976
An issue exists in res_pjsip_t38.c in Sangoma Asterisk up to and including 13.x and Certified Asterisk up to and including 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. Thi...
Digium Certified Asterisk 13.21
Digium Asterisk
Debian Debian Linux 9.0
4
CVSSv2
CVE-2019-15297
res_pjsip_t38 in Sangoma Asterisk 15.x prior to 15.7.4 and 16.x prior to 16.5.1 allows an malicious user to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.
Digium Asterisk
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »