Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
freeswitch freeswitch vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-41105
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls ...
Freeswitch Freeswitch
5
CVSSv2
CVE-2021-41145
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When flo...
Freeswitch Freeswitch
5
CVSSv2
CVE-2021-37624
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam a...
Freeswitch Freeswitch
2 Github repositories
5
CVSSv2
CVE-2021-36513
An issue exists in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch prior to 1.10.6, may allow malicious users to view sensitive information due to an uninitialized value.
Signalwire Freeswitch
4.6
CVSSv2
CVE-2020-27613
The installation procedure in BigBlueButton prior to 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.
Bigbluebutton Bigbluebutton
7.5
CVSSv2
CVE-2019-19492
FreeSWITCH 1.6.10 up to and including 1.10.1 has a default password in event_socket.conf.xml.
Freeswitch Freeswitch
3 Github repositories
7.6
CVSSv2
CVE-2018-19911
FreeSWITCH up to and including 1.8.2, when mod_xml_rpc is enabled, allows remote malicious users to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This...
Freeswitch Freeswitch
7.5
CVSSv2
CVE-2015-7392
Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH prior to 1.4.23 and 1.6.x prior to 1.6.2 allows remote malicious users to execute arbitrary code via a trailing \u in a json string to cJSON_Parse.
Freeswitch Freeswitch 1.6.0
Freeswitch Freeswitch
6.8
CVSSv2
CVE-2013-2238
Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the index and substituted variables.
Freeswitch Freeswitch 1.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2