Vulnerabilities > Digium > Asterisk > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-04-15 CVE-2022-26651 SQL Injection vulnerability in multiple products
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13.
network
low complexity
digium debian CWE-89
critical
9.8
2022-04-15 CVE-2022-26499 Server-Side Request Forgery (SSRF) vulnerability in multiple products
An SSRF issue was discovered in Asterisk through 19.x.
network
low complexity
digium debian CWE-918
critical
9.1
2017-09-02 CVE-2017-14100 OS Command Injection vulnerability in Digium Asterisk
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible.
network
low complexity
digium CWE-78
critical
9.8