
CVSS: 5.0 | EPSS: 9% | CPEs: 1 | EXPL: 1

main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.

References:
• http://downloads.asterisk.org/pub/security/AST-2009-004.html
• http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt
• http://osvdb.org/56571
• http://secunia.com/advisories/36039
• http://www.securityfocus.com/bid/35837
• http://www.securitytracker.com/id?1022608
• http://www.vupen.com/english/advisories/2009/2067
• https://exchange.xforce.ibmcloud.com/vulnerabilities/52046

CWE-399: Resource Management Errors

CVSS: 3.5 | EPSS: 2% | CPEs: 30 | EXPL: 0

The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.

References:
• http://bugs.digium.com/view.php?id=13547
• http://bugs.digium.com/view.php?id=14417
• http://downloads.digium.com/pub/security/AST-2009-002.html
• http://osvdb.org/52568
• http://secunia.com/advisories/34229
• http://www.securityfocus.com/archive/1/501656/100/0/threaded
• http://www.securityfocus.com/bid/34070
• http://www.securitytracker.com/id?1021834
• http://www.vupen.com/english/advisories/2009/0667

CWE-20: Improper Input Validation

CVSS: 7.8 | EPSS: 96% | CPEs: 108 | EXPL: 3

The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.

References:
• https://www.exploit-db.com/exploits/32095
• http://downloads.digium.com/pub/security/AST-2008-010.html
• http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl
• http://secunia.com/advisories/31178
• http://secunia.com/advisories/31194
• http://secunia.com/advisories/34982
• http://security.gentoo.org/glsa/glsa-200905-01.xml
• http://www.securityfocus.com/archive/1/494675/100/0/threaded
• http://www.securityfocus.com/bid/30321
• http://www.securitytracker.com/id?1020535
• http://

CWE-399: Resource Management Errors

CVSS: 9.3 | EPSS: 3% | CPEs: 40 | EXPL: 0

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.

References:
• http://downloads.digium.com/pub/security/AST-2008-005.html
• http://secunia.com/advisories/29449
• http://secunia.com/advisories/29470
• http://securityreason.com/securityalert/3764
• http://www.securityfocus.com/archive/1/489819/100/0/threaded
• http://www.securityfocus.com/bid/28316
• http://www.securitytracker.com/id?1019679
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41304
• https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html
• https://www.redhat.com/archives/

CWE-255: Credentials Management Errors

CVSS: 7.5 | EPSS: 1% | CPEs: 6 | EXPL: 0

SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

References:
• http://downloads.digium.com/pub/security/AST-2007-025.html
• http://osvdb.org/38933
• http://secunia.com/advisories/27873
• http://securitytracker.com/id?1019021
• http://www.securityfocus.com/archive/1/484387/100/0/threaded
• http://www.securityfocus.com/bid/26645
• http://www.vupen.com/english/advisories/2007/4055
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38766

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')