Vulnerabilities > Digium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-18 | CVE-2021-26712 | Unspecified vulnerability in Digium Asterisk Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets. | 5.0 |
| 2021-02-18 | CVE-2021-26906 | Improper Resource Shutdown or Release vulnerability in Digium Asterisk An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. | 4.3 |
| 2021-02-18 | CVE-2021-26717 | Unspecified vulnerability in Digium Asterisk and Certified Asterisk An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. | 5.0 |
| 2021-02-18 | CVE-2020-35776 | Classic Buffer Overflow vulnerability in Digium Asterisk A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses. | 4.3 |
| 2021-01-29 | CVE-2020-35652 | Unspecified vulnerability in Digium Asterisk An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. | 4.0 |
| 2020-11-06 | CVE-2020-28327 | Improper Resource Shutdown or Release vulnerability in multiple products A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. | 2.1 |
| 2019-11-22 | CVE-2019-18610 | Missing Authorization vulnerability in multiple products An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. | 9.0 |
| 2019-11-22 | CVE-2019-18976 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. | 5.0 |
| 2019-11-22 | CVE-2019-18790 | Missing Authorization vulnerability in multiple products An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. | 5.8 |
| 2019-09-09 | CVE-2019-15297 | NULL Pointer Dereference vulnerability in Digium Asterisk res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. | 4.0 |