Vulnerabilities > Digium > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-37457 Classic Buffer Overflow vulnerability in multiple products
Asterisk is an open source private branch exchange and telephony toolkit.
network
low complexity
sangoma digium CWE-120
8.2
8.2
2023-12-14 CVE-2023-49294 Path Traversal vulnerability in multiple products
Asterisk is an open source private branch exchange and telephony toolkit.
network
low complexity
sangoma digium CWE-22
7.5
7.5
2022-04-15 CVE-2022-26498 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Asterisk through 19.x.
network
low complexity
digium debian CWE-400
7.5
7.5
2021-07-30 CVE-2021-32558 Injection vulnerability in multiple products
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10.
network
low complexity
digium debian CWE-74
7.5
7.5
2021-02-18 CVE-2021-26712 Unspecified vulnerability in Digium Asterisk and Certified Asterisk
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
network
low complexity
digium
7.5
7.5
2021-02-18 CVE-2021-26717 Unspecified vulnerability in Digium Asterisk and Certified Asterisk
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6.
network
low complexity
digium
7.5
7.5
2019-11-22 CVE-2019-18610 Missing Authorization vulnerability in multiple products
An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4.
network
low complexity
digium debian CWE-862
8.8
8.8
2019-11-22 CVE-2019-18976 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x.
network
low complexity
digium debian CWE-476
7.5
7.5
2019-09-09 CVE-2019-15639 Improper Input Validation vulnerability in Digium Asterisk
main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.
network
low complexity
digium CWE-20
7.5
7.5
2019-05-23 CVE-2016-7550 NULL Pointer Dereference vulnerability in Digium Asterisk 13.10.0
asterisk 13.10.0 is affected by: denial of service issues in asterisk.
network
low complexity
digium CWE-476
7.5
7.5