Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
digium vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-17850
An issue exists in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSI...
Digium Asterisk
Digium Certified Asterisk 13.8
Digium Certified Asterisk 13.1.0
5
CVSSv2
CVE-2018-17281
There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk up to and including 13.23.0, 14.7.x up to and including 14.7.7, and 15.x up to and including 15.6.0 and Certified Asterisk up to and including 13.21-cert2. It allows an malicious user to cr...
Digium Asterisk
Digium Certified Asterisk 13.13
Digium Certified Asterisk 13.1
Digium Certified Asterisk 11.6
Digium Certified Asterisk 13.21
Digium Certified Asterisk 13.8
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.8
CVSSv2
CVE-2009-2726
The SIP channel driver in Asterisk Open Source 1.2.x prior to 1.2.34, 1.4.x prior to 1.4.26.1, 1.6.0.x prior to 1.6.0.12, and 1.6.1.x prior to 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800...
Digium Asterisk
Digium S800i Firmware
4
CVSSv2
CVE-2018-7286
An issue exists in Asterisk up to and including 13.19.1, 14.x up to and including 14.7.5, and 15.x up to and including 15.2.1, and Certified Asterisk up to and including 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a n...
Digium Asterisk
Digium Asterisk 13.19.1
Digium Certified Asterisk
Debian Debian Linux 9.0
1 EDB exploit
5
CVSSv2
CVE-2018-7284
A Buffer Overflow issue exists in Asterisk up to and including 13.19.1, 14.x up to and including 14.7.5, and 15.x up to and including 15.2.1, and Certified Asterisk up to and including 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accept...
Digium Asterisk
Digium Certified Asterisk 13.18
Digium Certified Asterisk
Debian Debian Linux 9.0
1 EDB exploit
1 Github repository
4
CVSSv2
CVE-2021-26713
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk prior to 16.16.1, 17.x prior to 17.9.2, and 18.x prior to 18.2.1 and Certified Asterisk prior to 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold req...
Digium Asterisk
Digium Certified Asterisk 16.8
4.3
CVSSv2
CVE-2021-26906
An issue exists in res_pjsip_session.c in Digium Asterisk up to and including 13.38.1; 14.x, 15.x, and 16.x up to and including 16.16.0; 17.x up to and including 17.9.1; and 18.x up to and including 18.2.0, and Certified Asterisk up to and including 16.8-cert5. An SDP negotiation...
Digium Asterisk
Digium Certified Asterisk 16.8
7.5
CVSSv2
CVE-2007-6171
SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x prior to 1.4.15 and C.x before C.1.0-beta6 allows remote malicious users to execute arbitrary SQL commands via unknown vectors.
Digium Asterisk C.1.0
Digium Asterisk
4.3
CVSSv2
CVE-2014-2288
The PJSIP channel driver in Asterisk Open Source 12.x prior to 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote malicious users to cause a denial of service (cra...
Digium Asterisk 12.1.0
Digium Asterisk 12.0.0
3.5
CVSSv2
CVE-2014-2289
res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x prior to 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.
Digium Asterisk 12.1.0
Digium Asterisk 12.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »