Vulnerabilities > Sangoma

DATE CVE VULNERABILITY TITLE RISK
2022-02-22 CVE-2022-23608 Use After Free vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian CWE-416
7.5
2022-02-14 CVE-2021-45310 Incorrect Authorization vulnerability in Sangoma Switchvox 102409
Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction.
network
low complexity
sangoma CWE-863
5.0
2022-01-27 CVE-2022-21723 Out-of-bounds Read vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian CWE-125
6.4
2021-12-22 CVE-2021-45461 Unspecified vulnerability in Sangoma Restapps
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021.
network
low complexity
sangoma
7.5
2021-12-22 CVE-2021-37706 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
teluu asterisk sangoma debian CWE-191
critical
9.3
2021-05-31 CVE-2020-10666 Code Injection vulnerability in Sangoma Restapps
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.
network
low complexity
sangoma CWE-94
7.5
2020-03-16 CVE-2019-19852 Cross-site Scripting vulnerability in Sangoma Freepbx
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields.
network
sangoma CWE-79
3.5
2020-03-16 CVE-2019-19615 Cross-site Scripting vulnerability in Sangoma Freepbx 14.0.10.2/14.0.10.3/14.0.10.7
Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site.
network
sangoma CWE-79
3.5
2020-03-16 CVE-2019-19538 Unspecified vulnerability in Sangoma Freepbx
In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.
network
low complexity
sangoma
6.5
2020-03-16 CVE-2019-19851 Cross-site Scripting vulnerability in Sangoma Freepbx
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI.
network
sangoma CWE-79
3.5