Vulnerabilities > Sangoma
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-21 | CVE-2024-49215 | Path Traversal vulnerability in Sangoma Asterisk and Certified Asterisk An issue was discovered in Sangoma Asterisk through 18.20.0, 19.x and 20.x through 20.5.0, and 21.x through 21.0.0, and Certified Asterisk through 18.9-cert5. | 7.8 |
| 2023-12-14 | CVE-2023-37457 | Classic Buffer Overflow vulnerability in multiple products Asterisk is an open source private branch exchange and telephony toolkit. | 8.2 |
| 2023-12-14 | CVE-2023-49294 | Path Traversal vulnerability in multiple products Asterisk is an open source private branch exchange and telephony toolkit. | 7.5 |
| 2023-12-14 | CVE-2023-49786 | Race Condition vulnerability in multiple products Asterisk is an open source private branch exchange and telephony toolkit. | 5.9 |
| 2023-11-02 | CVE-2023-43336 | Unspecified vulnerability in Sangoma Freepbx Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. | 8.8 |
| 2023-04-26 | CVE-2023-26567 | Insufficiently Protected Credentials vulnerability in Sangoma Freepbx Linux 7 Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. | 8.1 |
| 2022-12-27 | CVE-2019-25090 | Cross-site Scripting vulnerability in Sangoma Freepbx A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. | 6.1 |
| 2022-12-27 | CVE-2021-4282 | Cross-site Scripting vulnerability in Sangoma Voicemail A vulnerability was found in FreePBX voicemail. | 6.1 |
| 2022-12-27 | CVE-2021-4283 | Cross-site Scripting vulnerability in Sangoma Voicemail A vulnerability was found in FreeBPX voicemail. | 5.4 |
| 2022-12-25 | CVE-2020-36630 | SQL Injection vulnerability in Sangoma Freepbx A vulnerability was found in FreePBX cdr 14.0. | 9.8 |