CVE-2024-35190

MEDIUM Year: 2024
CVSS v3 Score
5.8
Medium
Weakness Type
CWE-303
View all →

Vulnerability Description

Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.

Related Vulnerabilities

CVE-2023-4641

MEDIUM
CVSS:5.5(Medium)

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to s...

CWE-3032023

CVE-2025-2475

MEDIUM
CVSS:5.4(Medium)

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot which allows an attacker to login to the bot exactly one...

CWE-3032025

CVE-2025-3230

MEDIUM
CVSS:5.4(Medium)

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to ma...

CWE-3032025

CVE-2024-56128

MEDIUM
CVSS:5.3(Medium)

Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCR...

CWE-3032024

CVE-2022-43635

MEDIUM
CVSS:6.5(Medium)

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exp...

CWE-3032022

CVE-2023-31211

MEDIUM
CVSS:6.5(Medium)

Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials

CWE-3032023