CVSS: 7.5EPSS: 2%CPEs: 81EXPL: 1CVE-2013-7100 – Debian Security Advisory 2835-1
https://notcve.org/view.php?id=CVE-2013-7100
19 Dec 2013 — Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop. Desbordamiento de búfer en la función unpacksms16 en ... • http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 4%CPEs: 57EXPL: 0CVE-2013-5641 – Mandriva Linux Security Advisory 2013-223
https://notcve.org/view.php?id=CVE-2013-5641
30 Aug 2013 — The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information. El controlador de canal SIP (channel/chan_sip... • http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 5%CPEs: 81EXPL: 0CVE-2013-5642 – Mandriva Linux Security Advisory 2013-223
https://notcve.org/view.php?id=CVE-2013-5642
30 Aug 2013 — The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request. El cont... • http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 235EXPL: 0CVE-2013-2264 – Gentoo Linux Security Advisory 201401-15
https://notcve.org/view.php?id=CVE-2013-2264
28 Mar 2013 — The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2)... • http://downloads.asterisk.org/pub/security/AST-2013-003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 29%CPEs: 206EXPL: 0CVE-2012-5976 – Gentoo Linux Security Advisory 201401-15
https://notcve.org/view.php?id=CVE-2012-5976
03 Jan 2013 — Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol. Multiples vulnerabilidades de consumo en Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, y v1... • http://downloads.asterisk.org/pub/security/AST-2012-014 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 206EXPL: 0CVE-2012-5977 – Gentoo Linux Security Advisory 201401-15
https://notcve.org/view.php?id=CVE-2012-5977
03 Jan 2013 — Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache. Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, ... • http://downloads.asterisk.org/pub/security/AST-2012-015 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 144EXPL: 0CVE-2012-4737 – Debian Security Advisory 2550-2
https://notcve.org/view.php?id=CVE-2012-4737
30 Aug 2012 — channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. channels/chan_iax2.c en Asterisk Open Source v... • http://downloads.asterisk.org/pub/security/AST-2012-013.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 7%CPEs: 133EXPL: 0CVE-2012-3863 – Debian Security Advisory 2550-2
https://notcve.org/view.php?id=CVE-2012-3863
09 Jul 2012 — channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses. Asterisk Open Source v1.8.x anterior a v1.... • http://downloads.asterisk.org/pub/security/AST-2012-010.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 7%CPEs: 130EXPL: 0CVE-2012-3812 – Debian Security Advisory 2550-2
https://notcve.org/view.php?id=CVE-2012-3812
06 Jul 2012 — Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox. vulnerabilidad de doble liberación en apps/app_voicemail.c en Asterisk Open Source ... • http://downloads.asterisk.org/pub/security/AST-2012-011.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 4%CPEs: 105EXPL: 0CVE-2012-2947 – Debian Security Advisory 2493-1
https://notcve.org/view.php?id=CVE-2012-2947
29 May 2012 — chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold. chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Certified Asterisk 1.8.11-cert antes de v1.8.11-cert2 y Asterisk Open Source v1.8.x antes de v1.8.12.1 y v10.x antes de v10.4.1, cuando un... • http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html • CWE-284: Improper Access Control •