Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
digium vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-8417
ConfBridge in Asterisk 11.x prior to 11.14.1, 12.x prior to 12.7.1, and 13.x prior to 13.0.1 and Certified Asterisk 11.6 prior to 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or...
Digium Asterisk
Digium Certified Asterisk 11.6.0
Digium Certified Asterisk 11.6
7.5
CVSSv3
CVE-2018-17281
There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk up to and including 13.23.0, 14.7.x up to and including 14.7.7, and 15.x up to and including 15.6.0 and Certified Asterisk up to and including 13.21-cert2. It allows an malicious user to cr...
Digium Asterisk
Digium Certified Asterisk 13.13
Digium Certified Asterisk 13.1
Digium Certified Asterisk 11.6
Digium Certified Asterisk 13.21
Digium Certified Asterisk 13.8
Debian Debian Linux 8.0
Debian Debian Linux 9.0
NA
CVE-2009-2726
The SIP channel driver in Asterisk Open Source 1.2.x prior to 1.2.34, 1.4.x prior to 1.4.26.1, 1.6.0.x prior to 1.6.0.12, and 1.6.1.x prior to 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800...
Digium Asterisk
Digium S800i Firmware
6.5
CVSSv3
CVE-2018-7286
An issue exists in Asterisk up to and including 13.19.1, 14.x up to and including 14.7.5, and 15.x up to and including 15.2.1, and Certified Asterisk up to and including 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a n...
Digium Asterisk
Digium Asterisk 13.19.1
Digium Certified Asterisk
Debian Debian Linux 9.0
1 EDB exploit
7.5
CVSSv3
CVE-2018-7284
A Buffer Overflow issue exists in Asterisk up to and including 13.19.1, 14.x up to and including 14.7.5, and 15.x up to and including 15.2.1, and Certified Asterisk up to and including 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accept...
Digium Asterisk
Digium Certified Asterisk 13.18
Digium Certified Asterisk
Debian Debian Linux 9.0
1 EDB exploit
1 Github repository
8.8
CVSSv3
CVE-2017-16671
A Buffer Overflow issue exists in Asterisk Open Source 13 prior to 13.18.1, 14 prior to 14.7.1, and 15 prior to 15.1.1 and Certified Asterisk 13.13 prior to 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to...
Digium Asterisk
Digium Certified Asterisk 13.13.0
5.9
CVSSv3
CVE-2017-16672
An issue exists in Asterisk Open Source 13 prior to 13.18.1, 14 prior to 14.7.1, and 15 prior to 15.1.1 and Certified Asterisk 13.13 prior to 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself i...
Digium Asterisk
Digium Certified Asterisk 13.13.0
NA
CVE-2014-2289
res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x prior to 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.
Digium Asterisk 12.1.0
Digium Asterisk 12.0.0
6.5
CVSSv3
CVE-2019-12827
Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and previous versions allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.
Digium Certified Asterisk 13.21
Digium Asterisk
NA
CVE-2007-6171
SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x prior to 1.4.15 and C.x before C.1.0-beta6 allows remote malicious users to execute arbitrary SQL commands via unknown vectors.
Digium Asterisk C.1.0
Digium Asterisk
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »