Filtered by vendor Sangoma
Subscribe
Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6393 | 1 Sangoma | 1 Freepbx | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... [or] run shell scripts ... once ... logged in to the administration interface; there is no need to try to find input validation errors. | |||||
| CVE-2018-15891 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name. | |||||
| CVE-2018-12228 | 1 Sangoma | 1 Asterisk | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable. | |||||
| CVE-2009-3723 | 2 Debian, Sangoma | 2 Debian Linux, Asterisk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| asterisk allows calls on prohibited networks | |||||