Digium Asterisk vulnerabilities and exploits
CVSSv2: 7.5
CVE-2014-8413
The res_pjsip_acl module in Asterisk Open Source 12.x prior to 12.7.1 and 13.x prior to 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote malicious users to bypass intended PJSIP ACL rules.
Digium Asterisk
CVSSv2: 7.5
CVE-2014-2286
main/http.c in Asterisk Open Source 1.8.x prior to 1.8.26.1, 11.8.x prior to 11.8.1, and 12.1.x prior to 12.1.1, and Certified Asterisk 1.8.x prior to 1.8.15-cert5 and 11.6 prior to 11.6-cert2, allows remote malicious users to cause a denial of service (stack consumption) and pos...
Digium Asterisk 1.8.3
Digium Asterisk 1.8.8.0
Digium Asterisk 1.8.11.0
Digium Asterisk 1.8.24.1
Digium Asterisk 1.8.2.4
Digium Asterisk 1.8.20.2
Digium Asterisk 1.8.0
Digium Asterisk 1.8.6.0
Digium Asterisk 1.8.1
Digium Asterisk 1.8.1.2
Digium Asterisk 11.8.0
Digium Asterisk 1.8.7.1
Digium Asterisk 1.8.21.0
Digium Asterisk 1.8.16.0
Digium Asterisk 1.8.7.0
Digium Asterisk 1.8.13.0
Digium Asterisk 1.8.17.0
Digium Asterisk 1.8.4.3
Digium Asterisk 1.8.19.0
Digium Asterisk 1.8.13.1
Digium Asterisk 1.8.24.0
Digium Asterisk 1.8.10.0
CVSSv2: 7.5
CVE-2012-1184
Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x prior to 1.8.10.1 and 10.x prior to 10.2.1 allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Auth...
Digium Asterisk 1.8.3
Digium Asterisk 1.8.8.0
Digium Asterisk 1.8.2.4
Digium Asterisk 1.8.0
Digium Asterisk 1.8.6.0
Digium Asterisk 1.8.1.2
Digium Asterisk 1.8.7.1
Digium Asterisk 1.8.7.0
Digium Asterisk 1.8.4.3
Digium Asterisk 1.8.10.0
Digium Asterisk 1.8.4
Digium Asterisk 1.8.9.0
Digium Asterisk 1.8.9.3
Digium Asterisk 1.8.4.4
Digium Asterisk 1.8.5.0
Digium Asterisk 1.8.3.1
Digium Asterisk 1.8.8.1
Digium Asterisk 1.8.3.2
Digium Asterisk 1.8.4.2
Digium Asterisk 1.8.9.1
Digium Asterisk 1.8.2.3
Digium Asterisk 1.8.3.3
1 EDB exploit
CVSSv2: 7.5
CVE-2007-6171
SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x prior to 1.4.15 and C.x before C.1.0-beta6 allows remote malicious users to execute arbitrary SQL commands via unknown vectors.
Digium Asterisk
Digium Asterisk C.1.0
CVSSv2: 7.5
CVE-2006-5444
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x prior to 1.0.12 and 1.2.x prior to 1.2.13, as used by Cisco SCCP phones, allows remote malicious users to execute arbitrary code via a certain dlen value that passes a signed...
Digium Asterisk 0.4
Digium Asterisk 1.2.11
Digium Asterisk 1.2.12
Digium Asterisk 1.0
Digium Asterisk 0.7.1
Digium Asterisk 0.1.9
Digium Asterisk 1.2.10
Digium Asterisk 0.7.2
Digium Asterisk 1.2.9
Digium Asterisk 0.2
Digium Asterisk 1.0.9
Digium Asterisk 0.7
Digium Asterisk 1.2 Beta2
Digium Asterisk 1.0.10
Digium Asterisk 0.1.9.1
Digium Asterisk 0.1.8
Digium Asterisk 1.2.8
Digium Asterisk 1.2.6
Digium Asterisk 0.1.7
Digium Asterisk 1.0.8
Digium Asterisk 1.2.7
Digium Asterisk 1.2 Beta1
1 EDB exploit
CVSSv2: 7.5
CVE-2006-4345
Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 up to and including 1.2.10 allows remote malicious users to execute arbitrary code via a crafted audit endpoint (AUEP) response.
Digium Asterisk 1.2.0 Beta1
Digium Asterisk 1.2.10
Digium Asterisk 1.2.9
Digium Asterisk 1.0.9
Digium Asterisk 1.0.2
Digium Asterisk 1.0 Rc2
Digium Asterisk 1.0.10
Digium Asterisk 1.0.1
Digium Asterisk 1.0.3
Digium Asterisk 1.0.5
Digium Asterisk 1.2.8
Digium Asterisk 1.0.6
Digium Asterisk 1.2.6
Digium Asterisk 1.0.4
Digium Asterisk 1.0.8
Digium Asterisk 1.2.7
Digium Asterisk 1.2.0 Beta2
Digium Asterisk 1.0.0
Digium Asterisk 1.0.7
Digium Asterisk 1.0 Rc1
CVSSv2: 7.5
CVE-2006-4346
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote malicious users to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as de...
Digium Asterisk 1.2.10
CVSSv2: 7.5
CVE-2006-2898
The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x prior to 1.2.9 and 1.0.x prior to 1.0.11 allows remote malicious users to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buff...
Digium Asterisk 1.2.0 Beta1
Digium Asterisk 1.0.9
Digium Asterisk 1.0.10
Digium Asterisk 1.2.8
Digium Asterisk 1.2.6
Digium Asterisk 1.0.8
Digium Asterisk 1.2.7
Digium Asterisk 1.2.0 Beta2
Digium Asterisk 1.0.7
CVSSv2: 7.5
CVE-2003-0779
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote malicious users to execute arbitrary SQL via a CallerID string.
Digium Asterisk 0.4
Digium Asterisk 0.1.9
Digium Asterisk 0.2
Digium Asterisk 0.1.9.1
Digium Asterisk 0.1.8
Digium Asterisk 0.1.7
Digium Asterisk 0.3
CVSSv2: 7.5
CVE-2003-0761
Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote malicious users to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.
Digium Asterisk 1.2.13