Vulnerabilities > Digium > Asterisk > 16.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-14 | CVE-2023-37457 | Classic Buffer Overflow vulnerability in multiple products Asterisk is an open source private branch exchange and telephony toolkit. | 8.2 |
| 2023-12-14 | CVE-2023-49294 | Path Traversal vulnerability in multiple products Asterisk is an open source private branch exchange and telephony toolkit. | 7.5 |
| 2023-12-14 | CVE-2023-49786 | Race Condition vulnerability in multiple products Asterisk is an open source private branch exchange and telephony toolkit. | 5.9 |
| 2022-08-30 | CVE-2021-46837 | NULL Pointer Dereference vulnerability in multiple products res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. | 6.5 |
| 2022-04-15 | CVE-2022-26651 | SQL Injection vulnerability in multiple products An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. | 9.8 |
| 2021-07-30 | CVE-2021-32558 | Injection vulnerability in multiple products An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. | 5.0 |
| 2021-02-19 | CVE-2021-26713 | Out-of-bounds Write vulnerability in Digium Asterisk and Certified Asterisk A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. | 4.0 |
| 2021-02-18 | CVE-2021-26712 | Unspecified vulnerability in Digium Asterisk Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets. | 5.0 |
| 2021-02-18 | CVE-2021-26906 | Improper Resource Shutdown or Release vulnerability in Digium Asterisk An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. | 4.3 |
| 2021-02-18 | CVE-2021-26717 | Unspecified vulnerability in Digium Asterisk and Certified Asterisk An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. | 5.0 |