EUVD-2006-1827

Malware in sbrugna...

EUVD-2014-8252

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2023-49786

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asteri...

Linux Distros Unpatched Vulnerability : CVE-2018-7286

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. respjsip allows...

Linux Distros Unpatched Vulnerability : CVE-2022-26651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The funcodbc module provides possibly inadequate escaping...

CVE-2025-47780 cli_permissions.conf: deny option does not work for disallowing shell commands

Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface CLI by configuring...

DLA-3925-1 asterisk - security update

Bulletin has no description...

SUSE CVE-2015-3008

Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain nam...

DLA-2969-1 asterisk - security update

Bulletin has no description...

DSA-4999-1 asterisk - security update

Bulletin has no description...

ALPINE-CVE-2021-26713

A stack-based buffer overflow in resrtpasterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession...

Virus Bulletin 2019: VoIP Espionage Campaign Hits U.S. Utilities Supplier

LONDON — A recent attack aimed at a U.S.-based oil, gas and chemical supplier leverages the company’s use of the enterprise-class Asterisk open-source PBX software, used for VoIP services. According to research from Check Point, presented here at Virus Bulletin 2019 on Friday, the attack was firs...

UBUNTU-CVE-2016-2232

Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service uninitialized pointer dereference and crash via a zero length error...

CVE-2014-9374

Double free vulnerability in the WebSocket Server reshttpwebsocket module in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service crash by sending a zero length frame...

CVE-2014-8416

Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the respjsiprefer module, allows remote attackers to cause a denial of service crash via an in-dialog INVITE with Replaces message, which triggers the channel to ...

CVE-2014-8415

Race condition in the chanpjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service assertion failure and crash via a cancel request for a SIP session with a queued action to 1 answer a session or 2 send ringing...

CVE-2014-4046

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action...

CVE-2014-4047

Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service connection consumption via a large number of 1 inactive or 2 incomplete HTTP...

CVE-2012-2186

Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows...

Phone based denial-of-service (DoS) attack on MI6 Anti-terrorism Agency

Phone based denial-of-service DoS attack on MI6 Anti-terrorism Agency +attack+on+MI6+Anti-terrorism+Agency.jpg The Hacking group, 'TeaMp0isoN' said they targeted counter-terrorism officers at MI6 with a barrage of phone calls for a period of 24 hours, which meant nobody else could get through. By...