Vulnerabilities > Sangoma
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-05 | CVE-2022-37325 | Out-of-bounds Write vulnerability in Sangoma Asterisk In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash. | 7.5 |
| 2022-12-05 | CVE-2022-42705 | Use After Free vulnerability in Sangoma Asterisk and Certified Asterisk A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription. | 6.5 |
| 2022-12-05 | CVE-2022-42706 | Path Traversal vulnerability in Sangoma Asterisk and Certified Asterisk An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. | 4.9 |
| 2022-02-22 | CVE-2022-23608 | Use After Free vulnerability in multiple products PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. | 9.8 |
| 2022-02-14 | CVE-2021-45310 | Information Exposure vulnerability in Sangoma Switchvox 102409 Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. | 5.3 |
| 2022-01-27 | CVE-2022-21723 | Out-of-bounds Read vulnerability in multiple products PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. | 9.1 |
| 2021-12-22 | CVE-2021-45461 | Unspecified vulnerability in Sangoma Restapps FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. | 9.8 |
| 2021-12-22 | CVE-2021-37706 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. | 9.8 |
| 2021-05-31 | CVE-2020-10666 | Command Injection vulnerability in Sangoma Restapps The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command. | 9.8 |
| 2020-11-06 | CVE-2020-28327 | Improper Resource Shutdown or Release vulnerability in multiple products A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. | 5.3 |