Vulmon
digium vulnerabilities and exploits
4
CVSSv2
CVE-2019-12827
Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and previous versions allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.
Digium Certified Asterisk 13.21
Digium Asterisk
5
CVSSv2
CVE-2021-26712
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated malicious user to prematurely terminate secure calls by replaying SRTP packets.
Digium Asterisk
Digium Certified Asterisk 16.8
5
CVSSv2
CVE-2021-26717
An issue exists in Sangoma Asterisk 16.x prior to 16.16.1, 17.x prior to 17.9.2, and 18.x prior to 18.2.1 and Certified Asterisk prior to 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in t...
Digium Asterisk
Digium Certified Asterisk 16.8
4.3
CVSSv2
CVE-2014-2288
The PJSIP channel driver in Asterisk Open Source 12.x prior to 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote malicious users to cause a denial of service (cra...
Digium Asterisk 12.1.0
Digium Asterisk 12.0.0
3.5
CVSSv2
CVE-2014-2289
res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x prior to 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.
Digium Asterisk 12.1.0
Digium Asterisk 12.0.0
5
CVSSv2
CVE-2018-12227
An issue exists in Asterisk Open Source 13.x prior to 13.21.1, 14.x prior to 14.7.7, and 15.x prior to 15.4.1 and Certified Asterisk 13.18-cert prior to 13.18-cert4 and 13.21-cert prior to 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 ...
Digium Asterisk
Digium Certified Asterisk 13.21
Digium Certified Asterisk 13.18
Debian Debian Linux 9.0
7.8
CVSSv2
CVE-2007-4103
The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x prior to 1.2.23, 1.4.x prior to 1.4.9, and Asterisk Appliance Developer Kit prior to 0.6.0, when configured to allow unauthenticated calls, allows remote malicious users to cause a denial of service (resource exhaustion) ...
Digium Asterisk
Digium Asterisk Appliance Developer Kit
6
CVSSv2
CVE-2011-0495
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source prior to 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users ...
Digium Asterisk
Digium Asterisknow 1.5
Fedoraproject Fedora 13
Fedoraproject Fedora 14
Debian Debian Linux 6.0
Digium S800i Firmware 1.2.0
5
CVSSv2
CVE-2019-18976
An issue exists in res_pjsip_t38.c in Sangoma Asterisk up to and including 13.x and Certified Asterisk up to and including 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. Thi...
Digium Certified Asterisk 13.21
Digium Asterisk
Debian Debian Linux 9.0
6.8
CVSSv2
CVE-2007-5358
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x prior to 1.4.13, when using IMAP storage, might allow (1) remote malicious users to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to exec...
Digium Asterisk