Vulmon
digium asterisk vulnerabilities and exploits
7.5
CVSSv3
CVE-2018-7285
A NULL pointer access issue exists in Asterisk 15.x up to and including 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired one...
Digium Asterisk
6.5
CVSSv3
CVE-2018-7286
An issue exists in Asterisk up to and including 13.19.1, 14.x up to and including 14.7.5, and 15.x up to and including 15.2.1, and Certified Asterisk up to and including 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a n...
Digium Asterisk
Digium Asterisk 13.19.1
Digium Certified Asterisk
Debian Debian Linux 9.0
1 EDB exploit
7.5
CVSSv3
CVE-2017-17850
An issue exists in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSI...
Digium Asterisk
Digium Certified Asterisk 13.8
Digium Certified Asterisk 13.1.0
5.9
CVSSv3
CVE-2017-17664
A Remote Crash issue exists in Asterisk Open Source 13.x prior to 13.18.4, 14.x prior to 14.7.4, and 15.x prior to 15.1.4 and Certified Asterisk prior to 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.
Digium Asterisk
Digium Certified Asterisk 13.13
Digium Certified Asterisk
7.5
CVSSv3
CVE-2017-17090
An issue exists in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk proc...
Digium Certified Asterisk 13.13
Digium Certified Asterisk
Digium Asterisk
1 EDB exploit
8.8
CVSSv3
CVE-2017-16671
A Buffer Overflow issue exists in Asterisk Open Source 13 prior to 13.18.1, 14 prior to 14.7.1, and 15 prior to 15.1.1 and Certified Asterisk 13.13 prior to 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to...
Digium Asterisk
Digium Certified Asterisk 13.13.0
5.9
CVSSv3
CVE-2017-16672
An issue exists in Asterisk Open Source 13 prior to 13.18.1, 14 prior to 14.7.1, and 15 prior to 15.1.1 and Certified Asterisk 13.13 prior to 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself i...
Digium Asterisk
Digium Certified Asterisk 13.13.0
7.5
CVSSv3
CVE-2017-14603
In Asterisk 11.x prior to 11.25.3, 13.x prior to 13.17.2, and 14.x prior to 14.6.2 and Certified Asterisk 11.x prior to 11.6-cert18 and 13.x prior to 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat"...
Digium Asterisk 13.0.2
Digium Asterisk 13.1.0
Digium Asterisk 13.1.1
Digium Asterisk 13.7.1
Digium Asterisk 13.7.2
Digium Asterisk 13.8.0
Digium Asterisk 13.13
Digium Asterisk 13.13.0
Digium Asterisk 13.13.1
Digium Asterisk 13.14.0
Digium Asterisk 13.0.0
Digium Asterisk 13.3.2
Digium Asterisk 13.4.0
Digium Asterisk 13.5.0
Digium Asterisk 13.10.0
Digium Asterisk 13.11.0
Digium Asterisk 13.11.1
Digium Asterisk 13.11.2
Digium Asterisk 13.15.0
Digium Asterisk 13.0.1
Digium Asterisk 13.2.0
Digium Asterisk 13.3.0
8.8
CVSSv3
CVE-2017-14001
An Improper Neutralization of Special Elements used in an OS Command issue exists in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in...
Digium Asterisk Gui
7.5
CVSSv3
CVE-2017-14099
In res/res_rtp_asterisk.c in Asterisk 11.x prior to 11.25.2, 13.x prior to 13.17.1, and 14.x prior to 14.6.1 and Certified Asterisk 11.x prior to 11.6-cert17 and 13.x prior to 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful tim...
Digium Asterisk 13.16.0
Digium Asterisk 13.14.0
Digium Asterisk 13.0.1
Digium Asterisk 13.0.2
Digium Asterisk 13.1.0
Digium Asterisk 13.3.0
Digium Asterisk 13.3.2
Digium Asterisk 13.7.0
Digium Asterisk 13.7.1
Digium Asterisk 13.10.0
Digium Asterisk 13.12.2
Digium Asterisk 13.13
Digium Asterisk 13.17.0
Digium Asterisk 13.15.0
Digium Asterisk 13.0.0
Digium Asterisk 13.2.0
Digium Asterisk 13.2.1
Digium Asterisk 13.6.0
Digium Asterisk 13.8.2
Digium Asterisk 13.9.0
Digium Asterisk 13.9.1
Digium Asterisk 13.12.0