1.8.32.0

DATE	CVE	VULNERABILITY TITLE	RISK
2014-11-24	CVE-2014-8414	Resource Management Errors vulnerability in Digium Asterisk and Certified Asterisk ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media. network low complexity digium CWE-399	5.0
2014-11-24	CVE-2014-8412	Permissions, Privileges, and Access Controls vulnerability in Digium Asterisk and Certified Asterisk The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry. network low complexity digium CWE-264	5.0
2014-06-17	CVE-2014-4048	Denial of Service vulnerability in Asterisk PJSIP Channel Driver The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout. network digium	4.3