Vulmon
asterisk vulnerabilities and exploits
5.9
CVSSv3
CVE-2018-7287
An issue exists in res_http_websocket.c in Asterisk 15.x up to and including 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).
Digium Asterisk 15.0.0
Digium Asterisk 15.1.0
Digium Asterisk 15.2.0
Digium Asterisk 15.2.1
Digium Asterisk 15.1.2
Digium Asterisk 15.1.4
Digium Asterisk 15.1.1
Digium Asterisk 15.1.3
Digium Asterisk 15.1.5
NA
CVE-2012-0885
chan_sip.c in Asterisk Open Source 1.8.x prior to 1.8.8.2 and 10.x prior to 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SD...
Asterisk Open Source 1.8.0
Asterisk Open Source 1.8.2
Asterisk Open Source 1.8.2.1
Asterisk Open Source 1.8.2.2
Asterisk Open Source 1.8.4.1
Asterisk Open Source 1.8.4.2
Asterisk Open Source 1.8.4.3
Asterisk Open Source 1.8.4.4
Asterisk Open Source 1.8.8.0
Asterisk Open Source 1.8.3
Asterisk Open Source 1.8.3.1
Asterisk Open Source 1.8.3.2
Asterisk Open Source 1.8.3.3
Asterisk Open Source 1.8.6.0
Asterisk Open Source 1.8.7.0
Asterisk Open Source 1.8.1
Asterisk Open Source 1.8.1.1
Asterisk Open Source 1.8.2.4
Asterisk Open Source 1.8.4
Asterisk Open Source 1.8.5
Asterisk Open Source 1.8.7.1
Asterisk Open Source 1.8.1.2
5.3
CVSSv3
CVE-2019-13161
An issue exists in Asterisk Open Source up to and including 13.27.0, 14.x and 15.x up to and including 15.7.2, and 16.x up to and including 16.4.0, and Certified Asterisk up to and including 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an m...
Digium Certified Asterisk 11.6
Digium Certified Asterisk 1.8.14.0
Digium Certified Asterisk 11.4.0
Digium Certified Asterisk 13.1.0
Digium Certified Asterisk 11.1.0
Digium Certified Asterisk 1.8.0.0
Digium Certified Asterisk 1.8.10.0
Digium Certified Asterisk 1.8.6.0
Digium Certified Asterisk 1.8.11
Digium Certified Asterisk 13.8
Digium Certified Asterisk 1.8.8.0
Digium Certified Asterisk 1.8.12.0
Digium Certified Asterisk 1.8.3.0
Digium Certified Asterisk 1.8.15
Digium Certified Asterisk 11.3.0
Digium Certified Asterisk 1.8.11.0
Digium Certified Asterisk 1.8.4.0
Digium Certified Asterisk 1.8.5.0
Digium Certified Asterisk 1.8.13.0
Digium Certified Asterisk 1.8.28
Digium Certified Asterisk 11.6.0
Digium Certified Asterisk 1.8.1.0
NA
CVE-2003-0779
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote malicious users to execute arbitrary SQL via a CallerID string.
Digium Asterisk 0.3
Digium Asterisk 0.4
Digium Asterisk 0.1.7
Digium Asterisk 0.1.8
Digium Asterisk 0.1.9.1
Digium Asterisk 0.1.9
Digium Asterisk 0.2
NA
CVE-2014-4048
The PJSIP Channel Driver in Asterisk Open Source prior to 12.3.1 allows remote malicious users to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.
Digium Asterisk 12.2.0
Digium Asterisk 12.0.0
Digium Asterisk 12.3.0
Digium Asterisk 12.1.0
Digium Asterisk
Digium Asterisk 12.1.1
NA
CVE-2014-6609
The res_pjsip_pubsub module in Asterisk Open Source 12.x prior to 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.
Digium Asterisk 12.2.0
Digium Asterisk 12.1.0
Digium Asterisk 12.5.0
Digium Asterisk 12.4.0
Digium Asterisk 12.3.0
Digium Asterisk 12.0.0
6.5
CVSSv3
CVE-2021-31878
An issue exists in PJSIP in Asterisk prior to 16.19.1 and prior to 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.
Digium Asterisk 16.17.0
Digium Asterisk 16.18.0
Digium Asterisk 16.19.0
Digium Asterisk 18.3.0
Digium Asterisk 18.4.0
Digium Asterisk 18.5.0
NA
CVE-2014-4045
The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x prior to 12.3.1, when sub_min_expiry is set to zero, allows remote malicious users to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to...
Digium Asterisk 12.2.0
Digium Asterisk 12.0.0
Digium Asterisk 12.1.0
Digium Asterisk 12.1.1
Digium Asterisk 12.3.0
NA
CVE-2008-5744
Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11 and previous versions allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wr...
Asterisk Zaptel
Asterisk Zaptel 1.4
Asterisk Zaptel 1.2
Asterisk Zaptel 1.2.27
NA
CVE-2008-5396
Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and previous versions allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field...
Asterisk Zaptel 1.2.27
Asterisk Zaptel 1.4
Asterisk Zaptel
Asterisk Zaptel 1.2