Vulnerabilities > Digium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-14 | CVE-2023-37457 | Classic Buffer Overflow vulnerability in multiple products Asterisk is an open source private branch exchange and telephony toolkit. | 8.2 |
2023-12-14 | CVE-2023-49294 | Asterisk is an open source private branch exchange and telephony toolkit. | 7.5 |
2023-12-14 | CVE-2023-49786 | Race Condition vulnerability in multiple products Asterisk is an open source private branch exchange and telephony toolkit. | 5.9 |
2022-08-30 | CVE-2021-46837 | NULL Pointer Dereference vulnerability in multiple products res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. | 6.5 |
2022-04-15 | CVE-2022-26498 | Resource Exhaustion vulnerability in multiple products An issue was discovered in Asterisk through 19.x. | 7.5 |
2022-04-15 | CVE-2022-26499 | Server-Side Request Forgery (SSRF) vulnerability in multiple products An SSRF issue was discovered in Asterisk through 19.x. | 9.1 |
2022-04-15 | CVE-2022-26651 | SQL Injection vulnerability in multiple products An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. | 9.8 |
2021-07-30 | CVE-2021-31878 | Reachable Assertion vulnerability in Digium Asterisk An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. | 6.5 |
2021-07-30 | CVE-2021-32558 | Injection vulnerability in multiple products An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. | 7.5 |
2021-02-19 | CVE-2021-26713 | Out-of-bounds Write vulnerability in Digium Asterisk and Certified Asterisk A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. | 6.5 |