Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
digium vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-26712
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated malicious user to prematurely terminate secure calls by replaying SRTP packets.
Digium Asterisk
Digium Certified Asterisk 16.8
356
VMScore
CVE-2021-26713
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk prior to 16.16.1, 17.x prior to 17.9.2, and 18.x prior to 18.2.1 and Certified Asterisk prior to 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold req...
Digium Asterisk
Digium Certified Asterisk 16.8
312
VMScore
CVE-2014-2289
res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x prior to 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.
Digium Asterisk 12.1.0
Digium Asterisk 12.0.0
383
VMScore
CVE-2014-2288
The PJSIP channel driver in Asterisk Open Source 12.x prior to 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote malicious users to cause a denial of service (cra...
Digium Asterisk 12.1.0
Digium Asterisk 12.0.0
356
VMScore
CVE-2019-12827
Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and previous versions allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.
Digium Certified Asterisk 13.21
Digium Asterisk
445
VMScore
CVE-2018-12227
An issue exists in Asterisk Open Source 13.x prior to 13.21.1, 14.x prior to 14.7.7, and 15.x prior to 15.4.1 and Certified Asterisk 13.18-cert prior to 13.18-cert4 and 13.21-cert prior to 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 ...
Digium Asterisk
Digium Certified Asterisk 13.21
Digium Certified Asterisk 13.18
Debian Debian Linux 9.0
694
VMScore
CVE-2007-4103
The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x prior to 1.2.23, 1.4.x prior to 1.4.9, and Asterisk Appliance Developer Kit prior to 0.6.0, when configured to allow unauthenticated calls, allows remote malicious users to cause a denial of service (resource exhaustion) ...
Digium Asterisk
Digium Asterisk Appliance Developer Kit
534
VMScore
CVE-2011-0495
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source prior to 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users ...
Digium Asterisk
Digium Asterisknow 1.5
Fedoraproject Fedora 13
Fedoraproject Fedora 14
Debian Debian Linux 6.0
Digium S800i Firmware 1.2.0
445
VMScore
CVE-2019-18976
An issue exists in res_pjsip_t38.c in Sangoma Asterisk up to and including 13.x and Certified Asterisk up to and including 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. Thi...
Digium Certified Asterisk 13.21
Digium Asterisk
Debian Debian Linux 9.0
605
VMScore
CVE-2007-5358
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x prior to 1.4.13, when using IMAP storage, might allow (1) remote malicious users to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to exec...
Digium Asterisk
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »