693 matches found

OSV
added 2021/03/10 11:15 p.m. · 2 views

UBUNTU-CVE-2021-21375

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first on...

6.5 CVSS · 7.2 AI score · 0.02088 EPSS
Exploits: 1 · References: 5

CVE
added 2021/03/10 10:30 p.m. · 114 views

CVE-2021-21375

CVE-2021-21375 affects the pjproject/PJSIP library (versions 2.10 and earlier). The issue arises after an initial INVITE when two 183 responses are received and the first triggers negotiation failure, causing a crash and a denial of service. Mitigation: upgrade to patched pjproject/PJSIP (per GLS...

6.5 CVSS · 6.5 AI score · 0.02088 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

Debian CVE
added 2021/03/10 10:30 p.m. · 22 views

CVE-2021-21375

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first on...

6.5 CVSS · 6.6 AI score · 0.02088 EPSS
Exploits: 1

Cvelist
added 2021/03/10 10:30 p.m. · 18 views

CVE-2021-21375 Crash in receiving updated SDP answer after initial SDP negotiation failed

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first on...

6.5 CVSS · 6.5 AI score · 0.02088 EPSS
Exploits: 1 · References: 5

AlpineLinux
added 2021/03/10 10:30 p.m. · 17 views

CVE-2021-21375

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first on...

6.5 CVSS · 6.6 AI score · 0.02088 EPSS
Exploits: 1

CVE
added 2021/03/10 10:30 p.m. · 106 views

CVE-2020-15260

CVE-2020-15260 concerns the PJSIP library. In versions up to 2.10, TLS connections may be reused if they share the same IP, port, and protocol, without proper remote hostname authentication. This can allow an attacker to leverage DNS or routing to force a TLS connection to a different hostname th...

6.8 CVSS · 6.6 AI score · 0.00991 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2021/03/10 10:30 p.m. · 48 views

CVE-2020-15260 Existing TLS connections can be reused without checking remote hostname

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is...

6.8 CVSS · 6.4 AI score · 0.00991 EPSS
Exploits: 0 · References: 4

Debian CVE
added 2021/03/10 10:30 p.m. · 30 views

CVE-2020-15260

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is...

6.8 CVSS · 6.7 AI score · 0.00991 EPSS
Exploits: 0

AlpineLinux
added 2021/03/10 10:30 p.m. · 38 views

CVE-2020-15260

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is...

6.8 CVSS · 6.7 AI score · 0.00991 EPSS
Exploits: 0

Positive Technologies
added 2021/03/10 12:0 a.m. · 3 views

PT-2021-14457

Name of the Vulnerable Software and Affected Versions PJSIP versions 2.10 and earlier Description PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP, after an initial...

9.8 CVSS · 7 AI score · 0.0462 EPSS
Exploits: 4 · References: 42

Positive Technologies
added 2021/03/10 12:0 a.m. · 3 views

PT-2021-9742

Name of the Vulnerable Software and Affected Versions PJSIP versions 2.10 and earlier Description PJSIP is a free and open source multimedia communication library that implements standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. The library has a vulnerability that allows for...

9.8 CVSS · 7.2 AI score · 0.0462 EPSS
Exploits: 4 · References: 36

Veracode
added 2021/02/24 3:27 a.m. · 22 views

Denial Of Service (DoS)

asterisk:sid is vulnerable to denial of service. The vulnerability exists in res_pjsip_session.c in Digium Asterisk where SDP negotiation in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure...

5.9 CVSS · 5.6 AI score · 0.02547 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

OpenVAS
added 2021/02/19 12:0 a.m. · 16 views

Asterisk DoS Vulnerability (AST-2021-005)

Asterisk is prone to a denial of service vulnerability in the PJSIP channel driver. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.9 CVSS · 5.7 AI score · 0.02547 EPSS
Exploits: 0 · References: 1

OSV
added 2021/02/18 8:15 p.m. · 2 views

ALPINE-CVE-2021-26906

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash...

5.9 CVSS · 7.1 AI score · 0.02547 EPSS
Exploits: 0 · References: 1

Debian CVE
added 2021/02/18 7:50 p.m. · 23 views

CVE-2021-26906

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash...

5.9 CVSS · 6 AI score · 0.02547 EPSS
Exploits: 0

AlpineLinux
added 2021/02/18 7:50 p.m. · 27 views

CVE-2021-26906

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash...

5.9 CVSS · 5.7 AI score · 0.02547 EPSS
Exploits: 0

Positive Technologies
added 2021/02/18 12:0 a.m. · 5 views

PT-2021-17165 · Asterisk +2 · Asterisk +2

Name of the Vulnerable Software and Affected Versions: Asterisk versions 13.38.1 and earlier, 14.x, 15.x, 16.x through 16.16.0, 17.x through 17.9.1, and 18.x through 18.2.0 Certified Asterisk versions 16.8-cert5 and earlier Description: An issue in res_pjsip_session.c allows a remote server to...

8.8 CVSS · 6.1 AI score · 0.45293 EPSS
Exploits: 13 · References: 47

Positive Technologies
added 2021/02/18 12:0 a.m. · 3 views

PT-2021-11857 · Sangoma +1 · Asterisk +1

Name of the Vulnerable Software and Affected Versions: Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 Description: A buffer overflow in the res_pjsip_diversion.c file allows a remote attacker to crash Asterisk by deliberately misusing SIP 181 responses. Recommendations: For versio...

8.8 CVSS · 6.3 AI score · 0.45293 EPSS
Exploits: 13 · References: 49

OSV
added 2021/01/29 8:15 a.m. · 1 views

UBUNTU-CVE-2020-35652

An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is...

6.5 CVSS · 6.6 AI score · 0.01907 EPSS
Exploits: 1 · References: 8

Positive Technologies
added 2020/07/06 12:0 a.m. · 2 views

PT-2022-2183 · Pjsip +3 · Pjsip +3

Name of the Vulnerable Software and Affected Versions: PJSIP versions 2.11.1 and prior Description: The issue is related to a potential out-of-bound read access when parsing an incoming SIP message that contains a malformed multipart. This affects all PJSIP users that accept SIP multipart. The...

9.8 CVSS · 7.8 AI score · 0.29645 EPSS
Exploits: 2 · References: 121