Vulnerabilities > Sangoma
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-22 | CVE-2019-12147 | Argument Injection or Modification vulnerability in Sangoma Session Border Controller Firmware 2.3.23119Ga The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. | 5.0 |
| 2019-10-21 | CVE-2019-16967 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. | 4.3 |
| 2019-10-21 | CVE-2019-16966 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. | 4.3 |
| 2019-06-20 | CVE-2018-15891 | Cross-site Scripting vulnerability in multiple products An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. | 3.5 |
| 2018-06-12 | CVE-2018-12228 | Infinite Loop vulnerability in Sangoma Asterisk An issue was discovered in Asterisk Open Source 15.x before 15.4.1. | 6.5 |
| 2018-01-29 | CVE-2018-6393 | SQL Injection vulnerability in Sangoma Freepbx 10.13.66/14.0.1.24 FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. | 7.2 |
| 2017-12-07 | CVE-2017-17430 | Improper Authentication vulnerability in Sangoma Netborder/Vega Session Firmware 2.3.1178Ga Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface. | 7.5 |
| 2017-06-02 | CVE-2017-9358 | Infinite Loop vulnerability in multiple products A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). | 7.5 |
| 2014-10-07 | CVE-2014-7235 | Code Injection vulnerability in multiple products htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014. | 10.0 |
| 2014-02-18 | CVE-2014-1903 | Permissions, Privileges, and Access Controls vulnerability in multiple products admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php. | 7.5 |