Lucene search
K

18 matches found

Fedora
Fedora
added 2026/04/30 1:30 a.m.9 views

[SECURITY] Fedora 42 Update: asterisk-18.26.4-1.fc42

Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware...

9.8CVSS6.8AI score0.4557EPSS
Exploits14
Fedora
Fedora
added 2026/04/30 1:21 a.m.9 views

[SECURITY] Fedora 43 Update: asterisk-18.26.4-1.fc43

Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware...

9.8CVSS6.8AI score0.4557EPSS
Exploits14
Fedora
Fedora
added 2026/04/30 12:54 a.m.12 views

[SECURITY] Fedora 44 Update: asterisk-18.26.4-1.fc44

Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware...

9.8CVSS6.8AI score0.4557EPSS
Exploits14
Debian CVE
Debian CVE
added 2026/02/06 4:47 p.m.8 views

CVE-2026-23741

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/astcoredumper runs as root, as noted by the NOTES tag on line 689 of the astcoredumper file. The script will source the conten...

8.8CVSS5.7AI score0.00173EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/02/06 4:43 p.m.9 views

CVE-2026-23740

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...

7.8CVSS5.8AI score0.00112EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/02/06 4:43 p.m.5 views

CVE-2026-23740

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/02/06 4:42 p.m.5 views

CVE-2026-23739

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the astxmlopen function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

6.5CVSS5.3AI score0.00176EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/02/06 4:41 p.m.6 views

CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...

6.1CVSS5.2AI score0.0016EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/08/28 3:33 p.m.7 views

CVE-2025-57767

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header wi...

7.5CVSS5.2AI score0.00381EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/08/28 3:8 p.m.6 views

CVE-2025-54995

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions...

6.5CVSS5.2AI score0.00449EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.3 views

PT-2025-35098

Name of the Vulnerable Software and Affected Versions: Asterisk versions prior to 20.15.2 Asterisk versions prior to 21.10.2 Asterisk versions prior to 22.5.2 Description: Asterisk is an open source private branch exchange and telephony toolkit. If a Session Initiation Protocol SIP request is...

7.5CVSS6.2AI score0.00381EPSS
Exploits0References11
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.6 views

编号撤回

Asterisk is an Asterisk open source software for PBX systems that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. This CVE number has been withdrawn...

6.7AI score
Exploits3References2
CNNVD
CNNVD
added 2024/01/25 12:0 a.m.6 views

SpliceCom Maximiser Soft PBX Security Breach

Splicecom Maximiser Soft PBX is an IP phone. A security vulnerability exists in SpliceCom Maximiser Soft PBX v1.5 version and earlier versions, which stems from the use of default SSL certificates...

5.3CVSS6.8AI score0.00276EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/04/15 12:0 a.m.4 views

Asterisk SQL注入漏洞

Asterisk is a PBX system software that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols.Asterisk suffers from a SQL injection vulnerability that can be exploited by attackers to cause user-supplied data to create corrupt SQL queries or possibly SQL injections...

9.8CVSS6AI score0.06976EPSS
Exploits0References10
BDU FSTEC
BDU FSTEC
added 2021/08/05 12:0 a.m.6 views

The vulnerability of the PBX software for IP communications allows attackers to carry out cross-site scripting attacks.

The vulnerability of PBX software for IP communications is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

4.9CVSS5.4AI score0.00638EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2020/07/29 6:15 p.m.5 views

CVE-2019-20025

Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privileg...

9.8CVSS5.8AI score0.02925EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/09 12:0 a.m.5 views

Asterisk Information Disclosure Vulnerability

Asterisk is a free software, open source software that implements the functionality of a telephone user switch PBX. Asterisk suffers from an information disclosure vulnerability that stems from insufficient RTCP packet validation, which allows an attacker to exploit the vulnerability to read the...

7.5CVSS7.1AI score0.03156EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2016/11/27 12:0 a.m.21 views

FreePBX callmenum Remote Code Execution (CVE-2012-4869)

FreePBX is an open source software implementation of a telephone Private Branch eXchange PBX. A code execution vulnerability exists in FreePBX software. Remote attacker can exploit this vulnerability to inject arbitrary PHP functions and commands...

7.5CVSS3.4AI score0.70252EPSS
Exploits2
Rows per page
Query Builder