Vulnerabilities (CVE)

Filtered by vendor Sangoma Subscribe
Total 50 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-2948 2 Asterisk, Sangoma 3 Certified Asterisk, Open Source, Asterisk 2024-11-21 4.0 MEDIUM N/A
chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.
CVE-2012-2186 2 Asterisk, Sangoma 5 Business Edition, Certified Asterisk, Digiumphones and 2 more 2024-11-21 9.0 HIGH N/A
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.
CVE-2010-3490 1 Sangoma 1 Freepbx 2024-11-21 6.5 MEDIUM N/A
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.
CVE-2009-3723 2 Debian, Sangoma 2 Debian Linux, Asterisk 2024-11-21 5.0 MEDIUM 7.5 HIGH
asterisk allows calls on prohibited networks
CVE-2009-2346 2 Asterisk, Sangoma 5 Appliance S800i, Asterisk, Open Source and 2 more 2024-11-21 7.8 HIGH N/A
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.
CVE-2009-1803 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2024-11-21 5.0 MEDIUM N/A
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
CVE-2009-1802 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2024-11-21 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.
CVE-2009-1801 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6598 1 Sangoma 1 Wanpipe 2024-11-21 10.0 HIGH N/A
Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic."
CVE-2024-49215 1 Sangoma 2 Asterisk, Certified Asterisk 2024-10-24 N/A 7.8 HIGH
An issue was discovered in Sangoma Asterisk through 18.20.0, 19.x and 20.x through 20.5.0, and 21.x through 21.0.0, and Certified Asterisk through 18.9-cert5. In manager.c, the functions action_getconfig() and action_getconfigJson() do not process the input file path, resulting in a path traversal vulnerability. In versions without the restrictedFile() function, no processing is done on the input path. In versions with the restrictedFile() function, path traversal is not processed.