VYPR

Vendor CVEs

Signalwire

All CVEs

26 total · sorted by risk
  • CVE-2019-19492CriDec 2, 2019
    risk 0.69cvss 9.8epss 0.29

    FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.

  • CVE-2026-49841CriJun 9, 2026
    risk 0.57cvss 9.8epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a…

  • CVE-2021-41145HigOct 25, 2021
    risk 0.56cvss 8.6epss 0.02

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When…

  • CVE-2026-49840CriJun 9, 2026
    risk 0.52cvss 9.1epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl_recv_event() parses Content-Length with atol() and passes the…

  • CVE-2023-40019HigSep 15, 2023
    risk 0.49cvss 7.5epss 0.01

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack…

  • CVE-2023-40018HigSep 15, 2023
    risk 0.49cvss 7.5epss 0.01

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by…

  • CVE-2023-32307HigMay 26, 2023
    risk 0.49cvss 7.5epss 0.01

    Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in…

  • CVE-2021-41105HigOct 25, 2021
    risk 0.49cvss 7.5epss 0.02

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls…

  • CVE-2021-37624HigOct 25, 2021
    risk 0.49cvss 7.5epss 0.04

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam…

  • CVE-2021-36513HigOct 18, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value.

  • CVE-2018-19911HigDec 6, 2018
    risk 0.49cvss 7.5epss 0.03

    FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be…

  • CVE-2026-49847HigJun 9, 2026
    risk 0.42cvss 7.5epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested…

  • CVE-2026-49842HigJun 9, 2026
    risk 0.42cvss 7.5epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's WebSocket frame loop intercepts a #-prefixed speed-test…

  • CVE-2026-49475HigJun 9, 2026
    risk 0.42cvss 7.5epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the…

  • CVE-2026-45771HigJun 9, 2026
    risk 0.42cvss 7.5epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested <!ENTITY> declarations…

  • CVE-2021-41158MedOct 26, 2021
    risk 0.38cvss 5.8epss 0.01

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and…

  • CVE-2026-49843MedJun 9, 2026
    risk 0.27cvss 5.3epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's JSON-RPC handler bound the connection to the…

  • CVE-2026-49472MedJun 9, 2026
    risk 0.27cvss 5.3epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIX(prologTok)(), in…

  • CVE-2026-49848MedJun 9, 2026
    risk 0.21cvss 4.3epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's check_auth userauth branch wrote request-supplied…

  • CVE-2023-51443HigDec 27, 2023
    risk 0.00cvss 7.5epss 0.01

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to…

  • CVE-2022-31003CriMay 31, 2022
    risk 0.00cvss 9.1epss 0.04

    Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil…

  • CVE-2022-31001HigMay 31, 2022
    risk 0.00cvss 7.5epss 0.02

    Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) -…

  • CVE-2022-31002HigMay 31, 2022
    risk 0.00cvss 7.5epss 0.02

    Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a…

  • CVE-2021-41157MedOct 26, 2021
    risk 0.00cvss 5.3epss 0.02

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of…

  • CVE-2015-7392Oct 5, 2015
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing \u in a json string to cJSON_Parse.

  • CVE-2013-2238Sep 30, 2013
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the index and substituted variables.