Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Epss exploitation probability 17.5% and no vendor patch available.
The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.