CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4048
https://notcve.org/view.php?id=CVE-2014-4048
The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout. El controlador de canales PJSIP en Asterisk Open Source anterior a 12.3.1 permite a atacantes remotos causar una denegación de servicio (bloqueo) mediante la terminación de una solicitud de suscripción antes de que se haya completado, lo que provoca un timeout de la transacción SIP. • http://downloads.asterisk.org/pub/security/AST-2014-008.html http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html http://www.securityfocus.com/archive/1/532416/100/0/threaded •
CVSS: 5.0EPSS: 0%CPEs: 217EXPL: 0CVE-2014-4047
https://notcve.org/view.php?id=CVE-2014-4047
Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections. Asterisk Open Source 1.8.x anterior a 1.8.28.1, 11.x anterior a 11.10.1 y 12.x anterior a 12.3.1 y Certified Asterisk 1.8.15 anterior a 1.8.15-cert6 y 11.6 anterior a 11.6-cert3 permiten a atacantes remotos causar una denegación de servicio (consumo de conexión) a través de un número grande de conexiones HTTP (1) inactivas o (2) incompletas. • http://downloads.asterisk.org/pub/security/AST-2014-007.html http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html http://www.securityfocus.com/archive/1/532415/100/0/threaded •
CVSS: 6.5EPSS: 0%CPEs: 54EXPL: 0CVE-2014-4046
https://notcve.org/view.php?id=CVE-2014-4046
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action. Asterisk Open Source 11.x anterior a 11.10.1 y 12.x anterior a 12.3.1 y Certified Asterisk 11.6 anterior a 11.6-cert3 permite a usuarios remotos autenticados Manager ejecutar comandos del sistema arbitrarios a través de una acción MixMonitor. • http://downloads.asterisk.org/pub/security/AST-2014-006.html http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html http://www.securityfocus.com/archive/1/532419/100/0/threaded •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4045
https://notcve.org/view.php?id=CVE-2014-4045
The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device. El Framework Publish/Subscribe en el controlador de canales PJSIP en Asterisk Open Source 12.x anterior a 12.3.1, cuando sub_min_expiry esté configurado a cero, permite a atacantes remotos causar una denegación de servicio (fallo de aserción y caída) a través de una solicitud UNSUBSCRIBE cuando no está suscrito al dispositivo. • http://downloads.asterisk.org/pub/security/AST-2014-005.html http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html http://www.securityfocus.com/archive/1/532414/100/0/threaded • CWE-189: Numeric Errors •
CVSS: 3.5EPSS: 5%CPEs: 4EXPL: 0CVE-2014-2289
https://notcve.org/view.php?id=CVE-2014-2289
res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference. res/res_pjsip_exten_state.c en el controlador de canal PJSIP en Asterisk Open Source 12.x anterior a 12.1.0 permite a usuarios remotos autenticados causar una denegaci´´on de servicio (caída) a través de una solicitud SUBSCRIBE sin cabeceras Accept, lo que provoca una referencia de puntero invalida. • http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff http://downloads.asterisk.org/pub/security/AST-2014-004.html http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html https://issues.asterisk.org/jira/browse/ASTERISK-23139 • CWE-20: Improper Input Validation •