30 matches found
EUVD-2002-1914
Malware in sbrugna...
EUVD-2006-3589
Malware in sbrugna...
EUVD-2024-39644
Malicious code in bioql PyPI...
DEBIAN-CVE-2025-57767
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header wi...
CVE-2025-57767 Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header wi...
[SECURITY] [DLA 3925-1] asterisk security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3925-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz October 20, 2024 https://wiki.debian.org/LTS -...
Debian dla-3925 : asterisk - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3925 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3925-1 [email protected]...
ROS-20240918-14
A vulnerability in Asterisk and Certified Asterisk IP telephony management systems is related to errors in sending a SIP request to a URI. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service and shutdown...
DEBIAN-CVE-2024-42491
Asterisk is an open-source private branch exchange PBX. Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with .1 or .1, and res_resolver_unbound is...
CVE-2024-42491
Asterisk is an open-source private branch exchange PBX. Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with .1 or .1, and res_resolver_unbound is...
FreeSWITCH 1.10.6 SIP Digest Leak
FreeSWITCH vulnerable to SIP digest leak for configured gateways - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-05-freeswitch-vulnerable-to-SIP-digest-leak - Vendor Security Advisory:...
CVE-2019-18790
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls...
CVE-2019-18790
CVE-2019-18790 affects Sangoma Asterisk chan_sip.c: a SIP request can alter a peer’s IP address to hijack calls. Affected: Asterisk 13.x <13.29.2, 16.x <16.6.2, 17.x <17.0.1; Certified Asterisk
asterisk -- SIP request can change address of a SIP peer
The Asterisk project reports: A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be...
CVE-2018-12227
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However,...
CVE-2018-12227
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However,...
CVE-2018-12227
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However,...
Digium Asterisk pjsip_multipart_parse Denial of Service
A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to a processing flaw in the pjsip_multipart_parse function of sip_multipart.c when the chan_pjsip module is used. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted...
SX Design sipd 0.1.2 - Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9198/info It has been reported that sipd may be prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The problem is reported to exist in the gethostbyname_r...
CVE-2013-5642
The SIP channel driver channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote...