28 matches found
EUVD-2011-4522
Malware in sbrugna...
EUVD-2007-3340
Malware in sbrugna...
EUVD-2024-35231
Malicious code in bioql PyPI...
CVE-2021-41157
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse...
CVE-2025-47779 Using malformed From header can forge identity with ";" or NULL in name portion
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker...
PT-2025-22513 · Sangoma +1 · Asterisk +2
Name of the Vulnerable Software and Affected Versions: Asterisk versions prior to 18.26.2; Asterisk versions prior to 20.14.1; Asterisk versions prior to 21.9.1; Asterisk versions prior to 22.4.1; certified-asterisk versions prior to 18.9-cert14; certified-asterisk versions prior to 20.7-cert5...
Cisco BroadWorks Denial of Service Vulnerability
Cisco BroadWorks is a carrier-grade unified communications software platform from Cisco. It is used to deploy cloud calls from public network platforms on any type of wired or wireless network architecture. A denial of service vulnerability exists in Cisco BroadWorks that stems from improper memo...
Vulnerability fixed in Cisco BroadWorks
Cisco has fixed a vulnerability in Cisco BroadWorks. The vulnerability is in how the Cisco BroadWorks SIP processing system handles specific SIP requests. Unauthenticated remote attackers can exploit this vulnerability to perform a denial-of-service (DoS) attack, which can lead to memory exhaustion...
CVE-2025-20165
CVE-2025-20165 describes a denial-of-service flaw in Cisco BroadWorks’ SIP processing, caused by improper memory handling of certain SIP requests. An unauthenticated, remote attacker can trigger a DoS by sending a high volume of SIP requests, exhausting memory on Cisco BroadWorks Network Servers ...
CVE-2024-35190
Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1...
CVE-2024-35190 Asterisk's res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests
Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1...
Asterisk security vulnerability
Asterisk is software for a PBX system that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. Asterisk version 18.23.0 suffers from a security vulnerability that stems from the fact that all unauthorized SIP requests are identified as PJSIP endpoints on the local server...
SUSE CVE-2011-4598
The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests...
New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service
New research has demonstrated a technique that allows an attacker to bypass firewall protection and remotely access any TCP/UDP service on a victim machine. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site or a legitimate site loaded with malicious ads...
CVE-2018-12227
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However,...
UBUNTU-CVE-2018-12227
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However,...
CVE-2017-12260
A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS)...
Digium Asterisk app_minivm Caller-ID Command Execution (CVE-2017-14100)
A command execution vulnerability exists in Digium Asterisk. The vulnerability is due to insufficient validation of Caller-IDs within SIP requests when the MinivmNotify dialplan function is used with an external notification program. A remote, authenticated attacker could exploit this vulnerabili...
CVE-2011-4598
The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests...