Vulnerabilities > Digium > Asterisk > 14.7.5

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-37457 Classic Buffer Overflow vulnerability in multiple products
Asterisk is an open source private branch exchange and telephony toolkit.
network
low complexity
sangoma digium CWE-120
8.2
8.2
2023-12-14 CVE-2023-49294 Asterisk is an open source private branch exchange and telephony toolkit.
network
low complexity
sangoma digium
7.5
7.5
2023-12-14 CVE-2023-49786 Race Condition vulnerability in multiple products
Asterisk is an open source private branch exchange and telephony toolkit.
network
high complexity
sangoma digium CWE-362
5.9
5.9
2021-01-29 CVE-2020-35652 Unspecified vulnerability in Digium Asterisk
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0.
network
low complexity
digium
6.5
6.5
2018-09-24 CVE-2018-17281 Resource Exhaustion vulnerability in multiple products
There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2.
network
low complexity
digium debian CWE-400
7.5
7.5
2018-06-12 CVE-2018-12227 Information Exposure vulnerability in multiple products
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2.
network
low complexity
digium debian CWE-200
5.3
5.3
2018-02-22 CVE-2018-7286 An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2.
network
low complexity
digium debian
6.5
6.5
2018-02-22 CVE-2018-7284 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2.
network
low complexity
digium debian CWE-119
7.5
7.5
2017-12-02 CVE-2017-17090 Incomplete Cleanup vulnerability in Digium Certified Asterisk
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older.
network
low complexity
digium CWE-459
7.5
7.5