Vulnerabilities > Digium > Asterisk > 14.0

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-37457 Classic Buffer Overflow vulnerability in multiple products
Asterisk is an open source private branch exchange and telephony toolkit.
network
low complexity
sangoma digium CWE-120
8.2
2023-12-14 CVE-2023-49294
Asterisk is an open source private branch exchange and telephony toolkit.
network
low complexity
sangoma digium
7.5
2023-12-14 CVE-2023-49786 Race Condition vulnerability in multiple products
Asterisk is an open source private branch exchange and telephony toolkit.
network
high complexity
sangoma digium CWE-362
5.9
2021-01-29 CVE-2020-35652 Unspecified vulnerability in Digium Asterisk
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0.
network
low complexity
digium
6.5
2017-12-02 CVE-2017-17090 Incomplete Cleanup vulnerability in Digium Certified Asterisk
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older.
network
low complexity
digium CWE-459
7.5
2017-10-10 CVE-2017-14603 Information Exposure vulnerability in Digium Asterisk
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.
network
low complexity
digium CWE-200
7.5
2017-09-02 CVE-2017-14100 OS Command Injection vulnerability in Digium Asterisk
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible.
network
low complexity
digium CWE-78
critical
9.8
2017-09-02 CVE-2017-14099 Information Exposure vulnerability in Digium Asterisk
In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker.
network
low complexity
digium CWE-200
7.5
2017-09-02 CVE-2017-14098 Improper Input Validation vulnerability in Digium Asterisk
In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.
network
low complexity
digium CWE-20
7.5
2017-04-10 CVE-2017-7617 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Asterisk
Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.
network
low complexity
digium CWE-119
8.8