Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
digium asterisk vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-26712
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated malicious user to prematurely terminate secure calls by replaying SRTP packets.
Digium Certified Asterisk 16.8
Digium Asterisk
383
VMScore
CVE-2020-35776
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote malicious user to crash Asterisk by deliberately misusing SIP 181 responses.
Digium Asterisk
445
VMScore
CVE-2021-26717
An issue exists in Sangoma Asterisk 16.x prior to 16.16.1, 17.x prior to 17.9.2, and 18.x prior to 18.2.1 and Certified Asterisk prior to 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in t...
Digium Certified Asterisk 16.8
Digium Asterisk
383
VMScore
CVE-2021-26906
An issue exists in res_pjsip_session.c in Digium Asterisk up to and including 13.38.1; 14.x, 15.x, and 16.x up to and including 16.16.0; 17.x up to and including 17.9.1; and 18.x up to and including 18.2.0, and Certified Asterisk up to and including 16.8-cert5. An SDP negotiation...
Digium Certified Asterisk 16.8
Digium Asterisk
356
VMScore
CVE-2020-35652
An issue exists in res_pjsip_diversion.c in Sangoma Asterisk prior to 13.38.0, 14.x up to and including 16.x prior to 16.15.0, 17.x prior to 17.9.0, and 18.x prior to 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or w...
Digium Asterisk
187
VMScore
CVE-2020-28327
A res_pjsip_session crash exists in Asterisk Open Source 13.x prior to 13.37.1, 16.x prior to 16.14.1, 17.x prior to 17.8.1, and 18.x prior to 18.0.1. and Certified Asterisk prior to 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or...
Asterisk Open Source
Digium Certified Asterisk 16.8
801
VMScore
CVE-2019-18610
An issue exists in manager.c in Sangoma Asterisk up to and including 13.x, 16.x, 17.x and Certified Asterisk 13.21 up to and including 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AM...
Digium Certified Asterisk 13.21.0
Digium Asterisk
Debian Debian Linux 8.0
Debian Debian Linux 9.0
445
VMScore
CVE-2019-18976
An issue exists in res_pjsip_t38.c in Sangoma Asterisk up to and including 13.x and Certified Asterisk up to and including 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. Thi...
Digium Certified Asterisk 13.21
Digium Asterisk
Debian Debian Linux 9.0
516
VMScore
CVE-2019-18790
An issue exists in channels/chan_sip.c in Sangoma Asterisk 13.x prior to 13.29.2, 16.x prior to 16.6.2, and 17.x prior to 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not nee...
Digium Certified Asterisk 13.21.0
Digium Asterisk
Debian Debian Linux 8.0
Debian Debian Linux 9.0
357
VMScore
CVE-2019-15297
res_pjsip_t38 in Sangoma Asterisk 15.x prior to 15.7.4 and 16.x prior to 16.5.1 allows an malicious user to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.
Digium Asterisk
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »