CVSS: 7.5EPSS: 2%CPEs: 16EXPL: 0CVE-2008-2543
https://notcve.org/view.php?id=CVE-2008-2543
05 Jun 2008 — The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets. El controlador de canal ooh323 channel en Asterisk Addons 1.2.x anteriores a 1.2.9 y Asterisk-Addons 1.4.x anteriores a 1.4.7 crea un puer... • http://downloads.digium.com/pub/security/AST-2008-009.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 8%CPEs: 53EXPL: 1CVE-2008-2119 – Asterisk 1.2.x - SIP channel driver / in pedantic mode Remote Crash
https://notcve.org/view.php?id=CVE-2008-2119
04 Jun 2008 — Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer. Asterisk Open Source 1.0.x y 1.2.x anterior 1.2.29 y Business Edition A.x.x y B.x.x anterior B.2.5.... • https://www.exploit-db.com/exploits/5749 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 137EXPL: 0CVE-2008-1923
https://notcve.org/view.php?id=CVE-2008-1923
23 Apr 2008 — The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message. El IAX2 channel driver (chan_iax2) en Asterisk 1.2 anterior a la revisión 72630 y 1.4 anterior a la revisión 65679, cuando está configurado para permitir llamadas sin autentica... • http://bugs.digium.com/view.php?id=10078 • CWE-16: Configuration •
CVSS: 7.5EPSS: 3%CPEs: 145EXPL: 0CVE-2008-1897
https://notcve.org/view.php?id=CVE-2008-1897
23 Apr 2008 — The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a... • http://bugs.digium.com/view.php?id=10078 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 20%CPEs: 8EXPL: 3CVE-2008-1289 – Asterisk 1.4.x - RTP Codec Payload Handling Multiple Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-1289
24 Mar 2008 — Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via... • https://www.exploit-db.com/exploits/31440 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 40EXPL: 0CVE-2008-1390
https://notcve.org/view.php?id=CVE-2008-1390
24 Mar 2008 — The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses. El servidor AsteriskGUI HTTP en Asterisk Open Source 1.4.x antes de 1.4.19-rc3 y 1.6.x antes de 1.6.0-beta6, Busin... • http://downloads.digium.com/pub/security/AST-2008-005.html • CWE-255: Credentials Management Errors •
CVSS: 9.1EPSS: 0%CPEs: 109EXPL: 0CVE-2008-1332
https://notcve.org/view.php?id=CVE-2008-1332
20 Mar 2008 — Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header. Vulnerabilidad no especificada en Asterisk Open Source versiones 1.2.x anteriores a 1.2.27, 1.4.x anteriores a 1.4.18.1 y 1.4.19-rc... • http://downloads.digium.com/pub/security/AST-2008-003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 31%CPEs: 5EXPL: 2CVE-2008-0095 – Asterisk 1.x - BYE Message Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-0095
08 Jan 2008 — The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference. El controlador de canal SIP de Asterisk Open Source 1.4.x versiones anteriores a 1.4.17, Business Edition versione... • https://www.exploit-db.com/exploits/30974 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 46EXPL: 0CVE-2007-6430
https://notcve.org/view.php?id=CVE-2007-6430
20 Dec 2007 — Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username. Asterisk Open Source 1.2.x anterior a 1.2.26 y 1.4.x anterior a 1.4.16, y Business Edition B.x.x anterior a B.2.3.6 y C.x.x an... • http://downloads.digium.com/pub/security/AST-2007-027.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 2CVE-2007-5488 – Asterisk 'asterisk-addons' 1.2.7/1.4.3 - CDR_ADDON_MYSQL Module SQL Injection
https://notcve.org/view.php?id=CVE-2007-5488
17 Oct 2007 — Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record. Múltiples vulnerabilidades de inyección SQL en la función cdr_addon_mysql en Asterisk-Addons versiones anteriores a 1.2.8 y versiones 1.4.x anteriores a 1.4.4, permiten a atacantes remotos ejecutar comandos SQL arbitrarios por medio de los n... • https://www.exploit-db.com/exploits/30677 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •