Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
digium certified asterisk 13.1.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-17850
An issue exists in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSI...
Digium Asterisk
Digium Certified Asterisk 13.8
Digium Certified Asterisk 13.1.0
5.3
CVSSv3
CVE-2019-13161
An issue exists in Asterisk Open Source up to and including 13.27.0, 14.x and 15.x up to and including 15.7.2, and 16.x up to and including 16.4.0, and Certified Asterisk up to and including 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an m...
Digium Certified Asterisk 11.6
Digium Certified Asterisk 1.8.14.0
Digium Certified Asterisk 11.4.0
Digium Certified Asterisk 13.1.0
Digium Certified Asterisk 11.1.0
Digium Certified Asterisk 1.8.0.0
Digium Certified Asterisk 1.8.10.0
Digium Certified Asterisk 1.8.6.0
Digium Certified Asterisk 1.8.11
Digium Certified Asterisk 13.8
Digium Certified Asterisk 1.8.8.0
Digium Certified Asterisk 1.8.12.0
Digium Certified Asterisk 1.8.3.0
Digium Certified Asterisk 1.8.15
Digium Certified Asterisk 11.3.0
Digium Certified Asterisk 1.8.11.0
Digium Certified Asterisk 1.8.4.0
Digium Certified Asterisk 1.8.5.0
Digium Certified Asterisk 1.8.13.0
Digium Certified Asterisk 1.8.28
Digium Certified Asterisk 11.6.0
Digium Certified Asterisk 1.8.1.0
NA
CVE-2015-3008
Asterisk Open Source 1.8 prior to 1.8.32.3, 11.x prior to 11.17.1, 12.x prior to 12.8.2, and 13.x prior to 13.3.2 and Certified Asterisk 1.8.28 prior to 1.8.28-cert5, 11.6 prior to 11.6-cert11, and 13.1 prior to 13.1-cert2, when registering a SIP TLS device, does not properly han...
Digium Asterisk 1.8.0
Digium Asterisk 1.8.1
Digium Asterisk 1.8.1.1
Digium Asterisk 1.8.10.0
Digium Asterisk 1.8.10.1
Digium Asterisk 1.8.11.1
Digium Asterisk 1.8.12
Digium Asterisk 1.8.12.2
Digium Asterisk 1.8.13.0
Digium Asterisk 1.8.14.0
Digium Asterisk 1.8.14.1
Digium Asterisk 1.8.16.0
Digium Asterisk 1.8.17.0
Digium Asterisk 1.8.18.0
Digium Asterisk 1.8.19.0
Digium Asterisk 1.8.19.1
Digium Asterisk 1.8.20.0
Digium Asterisk 1.8.21.0
Digium Asterisk 1.8.22.0
Digium Asterisk 1.8.23.1
Digium Asterisk 1.8.24.0
Digium Asterisk 1.8.26.0
5.3
CVSSv3
CVE-2016-9938
An issue exists in Asterisk Open Source 11.x prior to 11.25.1, 13.x prior to 13.13.1, and 14.x prior to 14.2.1 and Certified Asterisk 11.x prior to 11.6-cert16 and 13.x prior to 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to str...
Digium Asterisk 11.0.0
Digium Asterisk 11.0.1
Digium Asterisk 11.10.0
Digium Asterisk 11.10.1
Digium Asterisk 11.14.1
Digium Asterisk 11.14.2
Digium Asterisk 11.19.0
Digium Asterisk 11.2.0
Digium Asterisk 11.21.1
Digium Asterisk 11.1.0
Digium Asterisk 11.12.0
Digium Asterisk 11.12.1
Digium Asterisk 11.16.0
Digium Asterisk 11.17.0
Digium Asterisk 11.2.1
Digium Asterisk 11.2.2
Digium Asterisk 11.23.0
Digium Asterisk 11.23.1
Digium Asterisk 11.5.1
Digium Asterisk 11.6.0
Digium Asterisk 13.0.0
Digium Asterisk 13.11.0
7.5
CVSSv3
CVE-2016-7551
chain_sip in Asterisk Open Source 11.x prior to 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 prior to 11.6-cert15 and 13.8 prior to 13.8-cert3 allows remote malicious users to cause a denial of service (port exhaustion).
Digium Asterisk 11.0.0
Digium Asterisk 11.0.1
Digium Asterisk 11.0.2
Digium Asterisk 11.1.0
Digium Asterisk 11.6.0
Digium Asterisk 11.6.1
Digium Asterisk 11.7.0
Digium Asterisk 11.8.0
Digium Asterisk 11.15.0
Digium Asterisk 11.15.1
Digium Asterisk 11.16.0
Digium Asterisk 11.17.0
Digium Asterisk 13.0.0
Digium Asterisk 13.0.1
Digium Asterisk 13.7.2
Digium Asterisk 13.8.0
Digium Asterisk 13.8.1
Digium Asterisk 11.1.1
Digium Asterisk 11.3.0
Digium Asterisk 11.5.0
Digium Asterisk 11.9.0
Digium Asterisk 11.10.1
6.5
CVSSv3
CVE-2016-2232
Asterisk Open Source 1.8.x, 11.x prior to 11.21.1, 12.x, and 13.x prior to 13.7.1 and Certified Asterisk 1.8.28, 11.6 prior to 11.6-cert12, and 13.1 prior to 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via...
Digium Asterisk 13.7.0
Digium Asterisk 13.4.0
Digium Asterisk 13.6.0
Digium Asterisk 13.2.0
Digium Asterisk 13.1.0
Digium Asterisk 12.8.0
Digium Asterisk 12.6.0
Digium Asterisk 12.5.0
Digium Asterisk 12.3.0
Digium Asterisk 12.2.0
Digium Asterisk 12.1.0
Digium Asterisk 11.19.0
Digium Asterisk 11.18.0
Digium Asterisk 11.9.0
Digium Asterisk 11.8.0
Digium Asterisk 11.7.0
Digium Asterisk 11.2.0
Digium Asterisk 11.14.0
Digium Asterisk 11.11.0
Digium Asterisk 11.10.1
Digium Asterisk 11.1.0
Digium Asterisk 11.0.0
5.9
CVSSv3
CVE-2016-2316
chan_sip in Asterisk Open Source 1.8.x, 11.x prior to 11.21.1, 12.x, and 13.x prior to 13.7.1 and Certified Asterisk 1.8.28, 11.6 prior to 11.6-cert12, and 13.1 prior to 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote malicio...
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Digium Asterisk 13.5.0
Digium Asterisk 13.1.0
Digium Asterisk 13.0.1
Digium Asterisk 12.7.1
Digium Asterisk 12.7.0
Digium Asterisk 12.5.0
Digium Asterisk 12.4.0
Digium Asterisk 12.2.0
Digium Asterisk 12.0.0
Digium Asterisk 11.21.0
Digium Asterisk 11.17.0
Digium Asterisk 11.16.0
Digium Asterisk 11.9.0
Digium Asterisk 11.7.0
Digium Asterisk 11.14.0
Digium Asterisk 11.13.0
Digium Asterisk 13.7.0
Digium Asterisk 13.2.0
Digium Asterisk 12.8.1
Digium Asterisk 12.8.0
8.8
CVSSv3
CVE-2017-7617
Remote code execution can occur in Asterisk Open Source 13.x prior to 13.14.1 and 14.x prior to 14.3.1 and Certified Asterisk 13.13 prior to 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI M...
Digium Asterisk 14.3.0
Digium Asterisk 13.10.0
Digium Asterisk 14.0
Digium Asterisk 14.0.0
Digium Asterisk 13.11.0
Digium Asterisk 13.11.1
Digium Asterisk 13.11.2
Digium Asterisk 13.5.0
Digium Asterisk 13.6.0
Digium Asterisk 13.7.0
Digium Asterisk 13.0.0
Digium Asterisk 13.0.1
Digium Asterisk 13.0.2
Digium Asterisk 14.0.2
Digium Asterisk 14.01
Digium Asterisk 14.02
Digium Asterisk 14.1
Digium Asterisk 14.1.0
Digium Asterisk 13.13
Digium Asterisk 13.13.0
Digium Asterisk 13.2.0
Digium Asterisk 13.8.0
7.5
CVSSv3
CVE-2017-14603
In Asterisk 11.x prior to 11.25.3, 13.x prior to 13.17.2, and 14.x prior to 14.6.2 and Certified Asterisk 11.x prior to 11.6-cert18 and 13.x prior to 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat&qu...
Digium Asterisk 13.0.2
Digium Asterisk 13.1.0
Digium Asterisk 13.1.1
Digium Asterisk 13.7.1
Digium Asterisk 13.7.2
Digium Asterisk 13.8.0
Digium Asterisk 13.13
Digium Asterisk 13.13.0
Digium Asterisk 13.13.1
Digium Asterisk 13.14.0
Digium Asterisk 13.0.0
Digium Asterisk 13.3.2
Digium Asterisk 13.4.0
Digium Asterisk 13.5.0
Digium Asterisk 13.10.0
Digium Asterisk 13.11.0
Digium Asterisk 13.11.1
Digium Asterisk 13.11.2
Digium Asterisk 13.15.0
Digium Asterisk 13.0.1
Digium Asterisk 13.2.0
Digium Asterisk 13.3.0
7.5
CVSSv3
CVE-2017-14099
In res/res_rtp_asterisk.c in Asterisk 11.x prior to 11.25.2, 13.x prior to 13.17.1, and 14.x prior to 14.6.1 and Certified Asterisk 11.x prior to 11.6-cert17 and 13.x prior to 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful tim...
Digium Asterisk 13.16.0
Digium Asterisk 13.14.0
Digium Asterisk 13.0.1
Digium Asterisk 13.0.2
Digium Asterisk 13.1.0
Digium Asterisk 13.3.0
Digium Asterisk 13.3.2
Digium Asterisk 13.7.0
Digium Asterisk 13.7.1
Digium Asterisk 13.10.0
Digium Asterisk 13.12.2
Digium Asterisk 13.13
Digium Asterisk 13.17.0
Digium Asterisk 13.15.0
Digium Asterisk 13.0.0
Digium Asterisk 13.2.0
Digium Asterisk 13.2.1
Digium Asterisk 13.6.0
Digium Asterisk 13.8.2
Digium Asterisk 13.9.0
Digium Asterisk 13.9.1
Digium Asterisk 13.12.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »