Vulnerabilities > Sangoma > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-12-25 CVE-2020-36630 SQL Injection vulnerability in Sangoma Freepbx
A vulnerability was found in FreePBX cdr 14.0.
network
low complexity
sangoma CWE-89
critical
9.8
2022-02-22 CVE-2022-23608 Use After Free vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian CWE-416
critical
9.8
2022-01-27 CVE-2022-21723 Out-of-bounds Read vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian CWE-125
critical
9.1
2021-12-22 CVE-2021-37706 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian CWE-191
critical
9.8
2014-10-07 CVE-2014-7235 Code Injection vulnerability in multiple products
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
network
low complexity
freepbx sangoma CWE-94
critical
10.0
2009-04-03 CVE-2008-6598 Race Condition vulnerability in Sangoma Wanpipe
Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic."
network
low complexity
sangoma CWE-362
critical
10.0