# Security Advisory

- [SIPGO: Response DoS vulnerability via nil pointer dereference](/advisories/ES2025-02-sipgo-response-dos.md) (2025-12-17)
- [rtpengine: RTP Inject and RTP Bleed vulnerabilities despite proper configuration](/advisories/ES2025-01-rtpengine-improper-behavior-bleed-inject.md) (2025-07-31)
- [FreeSWITCH: denial of service via DTLS Hello packets during call initiation](/advisories/ES2023-02-freeswitch-dtls-hello-race.md) (2023-12-22)
- [Asterisk: denial of service via DTLS Hello packets during call initiation](/advisories/ES2023-01-asterisk-dtls-hello-race.md) (2023-12-15)
- [rtpengine: denial of service via DTLS Hello packets during call initiation](/advisories/ES2023-03-rtpengine-dtls-hello-race.md) (2023-12-15)
- [FreeSWITCH: denial of service via invalid SRTP packets](/advisories/ES2021-09-freeswitch-srtp-dos.md) (2021-10-25)
- [FreeSWITCH: denial of service via SIP flooding](/advisories/ES2021-06-freeswitch-flood-dos.md) (2021-10-25)
- [FreeSWITCH: SIP digest leak for configured gateways](/advisories/ES2021-05-freeswitch-vulnerable-to-SIP-digest-leak.md) (2021-10-25)
- [FreeSWITCH: unauthenticated SIP MESSAGE requests allow spam and spoofing](/advisories/ES2021-07-freeswitch-SIP-MESSAGE-without-auth.md) (2021-10-25)
- [FreeSWITCH: unauthenticated SIP SUBSCRIBE requests by default](/advisories/ES2021-08-freeswitch-SIP-SUBSCRIBE-without-auth.md) (2021-10-25)
- [VoIPmonitor: buffer overflow in live sniffer](/advisories/ES2021-03-voipmonitor-livesniffer-buffer-overflow.md) (2021-03-15)
- [VoIPmonitor: cross-site scripting via SIP messages](/advisories/ES2021-02-voipmonitor-gui-xss.md) (2021-03-15)
- [VoIPmonitor: static builds lack memory corruption protections](/advisories/ES2021-04-voipmonitor-staticbuild-memory-corruption-protection.md) (2021-03-15)
- [coturn: access control bypass via loopback peer address](/advisories/ES2021-01-coturn-access-control-bypass.md) (2021-01-11)
- [sngrep: buffer overflow via malformed SDP media type](/advisories/ES2020-03-sngrep-malformed-media-type.md) (2020-11-20)
- [sngrep: stack overflow via malformed SDP connection address](/advisories/ES2020-04-sngrep-malformed-connection-address.md) (2020-11-20)
- [Asterisk: crash via INVITE flood over TCP](/advisories/ES2020-02-asterisk-tcp-invite-crash.md) (2020-11-06)
- [Kamailio: header smuggling via remove_hf bypass](/advisories/ES2020-01-kamailio-remove-hf.md) (2020-09-01)
- [Kamailio: off-by-one heap overflow](/advisories/ES2018-05-kamailio-heap-overflow.md) (2018-03-19)
- [Asterisk PJSIP: crash via invalid SDP fmtp attribute](/advisories/ES2018-02-asterisk-pjsip-sdp-invalid-fmtp-segfault.md) (2018-02-22)
- [Asterisk PJSIP: crash via invalid SDP media format description](/advisories/ES2018-03-asterisk-pjsip-sdp-invalid-media-format-description-segfault.md) (2018-02-22)
- [Asterisk PJSIP: crash via repeated INVITE messages over TCP/TLS](/advisories/ES2018-04-asterisk-pjsip-tcp-segfault.md) (2018-02-22)
- [Asterisk PJSIP: stack corruption via large Accept header in SUBSCRIBE](/advisories/ES2018-01-asterisk-pjsip-subscribe-stack-corruption.md) (2018-02-22)
- [Asterisk: RTP Bleed vulnerability](/advisories/ES2017-04-asterisk-rtp-bleed.md) (2017-09-01)
- [Asterisk PJSIP: heap overflow in CSeq header parsing](/advisories/ES2017-01-asterisk-pjsip-cseq-overflow.md) (2017-05-23)
- [Asterisk PJSIP: out-of-bound memory access in multipart parser](/advisories/ES2017-02-asterisk-pjsip-multi-part-crash.md) (2017-05-23)
- [Asterisk Skinny: memory exhaustion denial of service](/advisories/ES2017-03-asterisk-chan-skinny-crash.md) (2017-05-23)
- [Liferay: XML External Entity vulnerability in OpenID component](/advisories/ES2016-01-liferay-xxe.md) (2016-01-01)
- [Juniper VPN SSL: client-side cross-site scripting](/advisories/ES2013-01-juniper-junos-dom-xss.md) (2013-09-12)
- [Applicure dotDefender: stored cross-site scripting in admin interface](/advisories/ES2010-01-applicure-dotDefender-stored-xss.md) (2010-06-01)
- [Armorlogic Profense WAF: multiple vulnerabilities](/advisories/ES2009-02-armorlogic-profense-multiple-vulnerabilities.md) (2009-05-13)
- [OpenX: multiple vulnerabilities](/advisories/ES2009-01-openx-multiple-vulnerabilities.md) (2009-04-01)
- [Apple Mail.app: S/MIME encrypted emails stored in clear text](/advisories/ES2008-01-apple-mailapp-stores-smime-clear-text.md) (2008-10-03)