CVE-2023-49294
- EPSS 17.09%
- Published 14.12.2023 20:15:52
- Last modified 21.11.2024 08:33:12
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dang...
CVE-2023-49786
- EPSS 0.1%
- Published 14.12.2023 20:15:52
- Last modified 21.11.2024 08:33:50
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the he...
CVE-2022-42705
- EPSS 1.57%
- Published 05.12.2022 21:15:10
- Last modified 24.04.2025 15:15:50
A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport ...
CVE-2022-42706
- EPSS 0.81%
- Published 05.12.2022 21:15:10
- Last modified 24.04.2025 15:15:50
An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk c...