Vulnerabilities > Digium > Asterisk > 10.12.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-14 | CVE-2023-37457 | Classic Buffer Overflow vulnerability in multiple products Asterisk is an open source private branch exchange and telephony toolkit. | 8.2 |
| 2023-12-14 | CVE-2023-49294 | Path Traversal vulnerability in multiple products Asterisk is an open source private branch exchange and telephony toolkit. | 7.5 |
| 2023-12-14 | CVE-2023-49786 | Race Condition vulnerability in multiple products Asterisk is an open source private branch exchange and telephony toolkit. | 5.9 |
| 2021-01-29 | CVE-2020-35652 | Unspecified vulnerability in Digium Asterisk An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. | 4.0 |
| 2018-02-22 | CVE-2018-7284 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Asterisk A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. | 5.0 |
| 2017-12-02 | CVE-2017-17090 | Incomplete Cleanup vulnerability in Digium Asterisk and Certified Asterisk An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. | 5.0 |
| 2014-06-17 | CVE-2014-4048 | Denial of Service vulnerability in Asterisk PJSIP Channel Driver The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout. network digium | 4.3 |
| 2013-12-19 | CVE-2013-7100 | Buffer Errors vulnerability in Digium Asterisk, Asterisk Digiumphones and Certified Asterisk Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop. | 5.0 |
| 2013-09-09 | CVE-2013-5642 | Improper Input Validation vulnerability in Digium Asterisk, Asterisk Digiumphones and Certified Asterisk The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request. | 5.0 |