Vulnerabilities > Sangoma
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-21 | CVE-2019-16967 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. | 6.1 |
| 2019-10-21 | CVE-2019-16966 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. | 6.1 |
| 2019-06-20 | CVE-2018-15891 | Cross-site Scripting vulnerability in multiple products An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. | 4.8 |
| 2018-06-12 | CVE-2018-12228 | Infinite Loop vulnerability in Sangoma Asterisk An issue was discovered in Asterisk Open Source 15.x before 15.4.1. | 6.5 |
| 2018-01-29 | CVE-2018-6393 | SQL Injection vulnerability in Sangoma Freepbx 10.13.66/14.0.1.24 FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. | 7.2 |
| 2017-12-07 | CVE-2017-17430 | Improper Authentication vulnerability in Sangoma Netborder/Vega Session Firmware 2.3.1178Ga Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface. | 9.8 |
| 2017-06-02 | CVE-2017-9358 | Infinite Loop vulnerability in multiple products A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). | 7.5 |