Vulnerabilities > Digium > Asterisk > 13.1.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-09 | CVE-2017-16671 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Asterisk A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. | 8.8 |
| 2017-10-10 | CVE-2017-14603 | Information Exposure vulnerability in Digium Asterisk In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report. | 7.5 |
| 2017-09-02 | CVE-2017-14100 | OS Command Injection vulnerability in Digium Asterisk In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. | 9.8 |
| 2017-09-02 | CVE-2017-14099 | Information Exposure vulnerability in Digium Asterisk In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. | 7.5 |
| 2017-09-02 | CVE-2017-14098 | Improper Input Validation vulnerability in Digium Asterisk In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. | 7.5 |
| 2017-04-17 | CVE-2016-7551 | Resource Management Errors vulnerability in multiple products chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion). | 7.5 |
| 2017-04-10 | CVE-2017-7617 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Asterisk Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action. | 8.8 |
| 2016-12-12 | CVE-2016-9938 | Improper Authorization vulnerability in Digium Asterisk An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. | 5.3 |