Vulnerabilities > Sangoma > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-25 | CVE-2020-36630 | SQL Injection vulnerability in Sangoma Freepbx A vulnerability was found in FreePBX cdr 14.0. | 9.8 |
| 2022-02-22 | CVE-2022-23608 | Use After Free vulnerability in multiple products PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. | 9.8 |
| 2022-01-27 | CVE-2022-21723 | Out-of-bounds Read vulnerability in multiple products PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. | 9.1 |
| 2021-12-22 | CVE-2021-45461 | Unspecified vulnerability in Sangoma Restapps FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. | 9.8 |
| 2021-12-22 | CVE-2021-37706 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. | 9.8 |
| 2021-05-31 | CVE-2020-10666 | Command Injection vulnerability in Sangoma Restapps The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command. | 9.8 |
| 2019-11-21 | CVE-2019-19006 | Improper Authentication vulnerability in Sangoma Freepbx Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control. | 9.8 |
| 2019-10-22 | CVE-2019-12148 | Argument Injection or Modification vulnerability in Sangoma Session Border Controller Firmware 2.3.23119Ga The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. | 9.8 |
| 2019-10-22 | CVE-2019-12147 | Argument Injection or Modification vulnerability in Sangoma Session Border Controller Firmware 2.3.23119Ga The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. | 9.8 |
| 2017-12-07 | CVE-2017-17430 | Improper Authentication vulnerability in Sangoma Netborder/Vega Session Firmware 2.3.1178Ga Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface. | 9.8 |