CVSS: 7.5EPSS: 11%CPEs: 3EXPL: 0CVE-2007-4455
https://notcve.org/view.php?id=CVE-2007-4455
22 Aug 2007 — The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created. El controlador de canal SIP (chan_sip) en Asterisk Open Source 1.4.x anterior a 1.4.11, AsteriskNOW anterior a beta7, Asterisk Appliance Developer Kit 0.x an... • http://downloads.digium.com/pub/asa/AST-2007-020.html •
CVSS: 6.5EPSS: 93%CPEs: 4EXPL: 0CVE-2007-4280
https://notcve.org/view.php?id=CVE-2007-4280
09 Aug 2007 — The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population. El dispositivo de canal Skinny (chan_skinny) en el Asterisk Open Source anterior al 1.4.10, el AsteriskNOW anterior al beta7, el A... • http://downloads.digium.com/pub/asa/ASA-2007-019.pdf •
CVSS: 7.8EPSS: 28%CPEs: 3EXPL: 0CVE-2007-4103
https://notcve.org/view.php?id=CVE-2007-4103
31 Jul 2007 — The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released. El controlador de canal IAX2 (chan_iax2) de Asterisk Open 1.2.x anterior a 1.2.23, 1.4.x anterior a 1.4.9, y Asterisk App... • http://bugs.gentoo.org/show_bug.cgi?id=185713 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 96%CPEs: 36EXPL: 1CVE-2007-3764 – Asterisk < 1.2.22/1.4.8/2.2.1 - 'chan_skinny' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-3764
18 Jul 2007 — The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy." El controlador de canal Skinny (chan_skinny) en Asterisk anterior a 1.2.22 y 1.4.x anterior a 1.4.8, Business Edition anterior a B.2.2.1, Asteris... • https://www.exploit-db.com/exploits/4196 •
CVSS: 7.5EPSS: 5%CPEs: 36EXPL: 0CVE-2007-3765
https://notcve.org/view.php?id=CVE-2007-3765
18 Jul 2007 — The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port. La implementación STUN en Asterisk 1.4.x anterior a 1.4.8, AsteriskNOW anterior a beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos provocar denegación de servicio (caida) a través d... • http://ftp.digium.com/pub/asa/ASA-2007-017.pdf •
CVSS: 7.5EPSS: 95%CPEs: 36EXPL: 1CVE-2007-3763 – Asterisk < 1.2.22/1.4.8 - IAX2 Channel Driver Remote Crash
https://notcve.org/view.php?id=CVE-2007-3763
18 Jul 2007 — The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable. El gestor de dispositivo de canal IAX2 (chan_iax... • https://www.exploit-db.com/exploits/4249 •
CVSS: 9.8EPSS: 19%CPEs: 36EXPL: 0CVE-2007-3762
https://notcve.org/view.php?id=CVE-2007-3762
18 Jul 2007 — Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame. Desbordamiento de búfer basado en pila en el controlador de canal IAX2 (chan_iax2) de Asterisk anterior a 1.2.22 y 1.4.x anterior a 1.4.8, Business Edition anterior a B.2.2.... • http://bugs.gentoo.org/show_bug.cgi?id=185713 •
CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 0CVE-2007-2488
https://notcve.org/view.php?id=CVE-2007-2488
07 May 2007 — The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte. El controlador del canal IAX2 (chan_iax2) en Asterisk anterior a 20070504 no anula correctamente los datos terminales, lo cual permite a atacantes remotos disparar la pérdida de datos transmit... • http://ftp.digium.com/pub/asa/ASA-2007-013.pdf •
CVSS: 7.8EPSS: 9%CPEs: 13EXPL: 0CVE-2007-2297
https://notcve.org/view.php?id=CVE-2007-2297
26 Apr 2007 — The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash). El SIP channel driver (chan_sip) del Asterisk anterior al 1.2.18 y el 1.4.x anterior al 1.4.3 no analiza sintácticamente de forma correcta los paquetes SIP UDP que no contienen un código de respuesta válido, lo que permite a atacantes remotos provocar una denegación de servicio... • http://bugs.digium.com/view.php?id=9313 •
CVSS: 7.8EPSS: 8%CPEs: 18EXPL: 0CVE-2007-2294
https://notcve.org/view.php?id=CVE-2007-2294
26 Apr 2007 — The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference. El Manager Interface en Asterisk anterior a 1.2.18 y 1.4.x anterior a 1.4.3 permite a atacantes remotos provocar denegación de servicio (caida) utilizando validación MD5 para validar a un usuario que no tiene definida una contraseña ... • http://secunia.com/advisories/24977 •