11 matches found
EUVD-2007-4263
Malware in sbrugna...
EUVD-2006-4333
Malware in sbrugna...
EUVD-2017-5611
Malware in sbrugna...
CVE-2025-47780
Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface CLI by configuring...
CVE-2025-47780
CVE-2025-47780 affects Asterisk and certified-asterisk. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 (and 18.9-cert14, 20.7-cert5 for certified-asterisk), configuring cli_permissions.conf with deny=!* to block shell commands on the CLI does not work, potentially allowing shell access wh...
CVE-2025-47780
Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface CLI by configuring...
CVE-2003-0761
Buffer overflow in the getmsgtext of chansip.c in the Session Initiation Protocol SIP protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain 1 MESSAGE or 2 INFO requests...
CVE-2019-15297
respjsipt38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference...
Buffer overflow
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...
CVE-2016-9938
An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chansip channel driver has a liberal definition for whitespace when attempting to strip the content betwe...
CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...