Vulnerabilities > Digium > Asterisk > 14.3.1

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-37457 Classic Buffer Overflow vulnerability in multiple products
Asterisk is an open source private branch exchange and telephony toolkit.
network
low complexity
sangoma digium CWE-120
8.2
8.2
2023-12-14 CVE-2023-49294 Path Traversal vulnerability in multiple products
Asterisk is an open source private branch exchange and telephony toolkit.
network
low complexity
sangoma digium CWE-22
7.5
7.5
2023-12-14 CVE-2023-49786 Race Condition vulnerability in multiple products
Asterisk is an open source private branch exchange and telephony toolkit.
network
high complexity
sangoma digium CWE-362
5.9
5.9
2021-01-29 CVE-2020-35652 Unspecified vulnerability in Digium Asterisk
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0.
network
low complexity
digium
4.0
4.0
2018-09-24 CVE-2018-17281 Resource Exhaustion vulnerability in multiple products
There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2.
network
low complexity
digium debian CWE-400
5.0
5.0
2018-06-12 CVE-2018-12227 Information Exposure vulnerability in multiple products
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2.
network
low complexity
digium debian CWE-200
5.0
5.0
2018-02-22 CVE-2018-7286 An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2.
network
low complexity
digium debian
4.0
4.0
2018-02-22 CVE-2018-7284 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Asterisk
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2.
network
low complexity
digium debian CWE-119
5.0
5.0
2017-12-27 CVE-2017-17850 Improper Input Validation vulnerability in Digium Asterisk and Certified Asterisk
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older.
network
low complexity
digium CWE-20
5.0
5.0
2017-12-13 CVE-2017-17664 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Asterisk and Certified Asterisk
A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9.
network
digium CWE-119
4.3
4.3