NotCVE - vendor:"Asterisk" product:"Asterisk"

Page 4 of 44 results (0.005 seconds)

CVSS: 7.8EPSS: 5%CPEs: 192EXPL: 0

CVE-2009-2346

https://notcve.org/view.php?id=CVE-2009-2346

The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263. La implementación del protocolo IAX2 en Asterisk Open Source v1.2.x antes de v1.2.35, v1.4.x antes de v1.4.26.2, v1.6.0.x antes de v1.6.0.15, v1.6.1.x antes de v1.6.1.x; Business Edition vB.x.x antes de que vB.2.5.10, vC.2.x antes vC.2.4.3 y vC.3.x antes de C.3.1.1; y S800i v1.3.x antes de v1.3.0.3 permite a atacantes remotos causar una denegación de servicio iniciando muchos intercambios de mensajes IAX2. Se trata de una aunto relacionado con la CVE-2008-3263. • http://downloads.asterisk.org/pub/security/AST-2009-006.html http://secunia.com/advisories/36593 http://securitytracker.com/id?1022819 http://www.securityfocus.com/archive/1/506257/100/0/threaded http://www.securityfocus.com/bid/36275 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 150EXPL: 0

CVE-2009-0041

https://notcve.org/view.php?id=CVE-2009-0041

IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. IAX2 en Asterisk Open Source v1.2.x anterior a v1.2.31, v1.4.x anterior a v1.4.23-rc4, y v1.6.x anterior a v1.6.0.3-rc2; Business Edition A.x.x, B.x.x anterior a B.2.5.7, C.1.x.x anterior a C.1.10.4, y C.2.x.x anterior a C.2.1.2.1; y s800i 1.2.x anterior a v1.3.0 responden de manera distinta ante un intento de acceso fallido dependiendo de si la cuenta de usuario existe, lo que permite a atacantes remotos listar nombres de usuario válidos. • http://downloads.digium.com/pub/security/AST-2009-001.html http://secunia.com/advisories/33453 http://secunia.com/advisories/34982 http://secunia.com/advisories/37677 http://security.gentoo.org/glsa/glsa-200905-01.xml http://securityreason.com/securityalert/4910 http://www.debian.org/security/2009/dsa-1952 http://www.securityfocus.com/archive/1/499884/100/0/threaded http://www.securityfocus.com/bid/33174 http://www.securitytracker.com/id?1021549 http://www.vupen.com/e • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 7%CPEs: 17EXPL: 0

CVE-2008-5558

https://notcve.org/view.php?id=CVE-2008-5558

Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching. Asterisk Open Source 1.2.26 hasta 1.2.30.3 y Business Edition B.2.3.5 hasta B.2.5.5, cuando los usuarios realtime IAX2 son habilitados, permite a los atacantes remotos causar una denegación de servicio (caída) a través de intentos de autenticación relativos a (1) usuarios desconocidos o (2) usuarios que usan hostname coincidentes. • http://downloads.digium.com/pub/security/AST-2008-012.html http://osvdb.org/50675 http://secunia.com/advisories/32956 http://secunia.com/advisories/34982 http://security.gentoo.org/glsa/glsa-200905-01.xml http://securityreason.com/securityalert/4769 http://www.securityfocus.com/archive/1/499117/100/0/threaded http://www.securityfocus.com/bid/32773 http://www.securitytracker.com/id?1021378 http://www.vupen.com/english/advisories/2008/3403 • CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 8%CPEs: 122EXPL: 0

CVE-2008-3264

https://notcve.org/view.php?id=CVE-2008-3264

The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request. La implementación FWDOWNL firmware-download en Asterisk Open Source 1.0.x, 1.2.x antes de 1.2.30 y 1.4.x antes de 1.4.21.2; Business Edition A.x.x, B.x.x antes de B.2.5.4 y C.x.x antes de C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; y s800i 1.0.x antes de 1.2.0.1 permite a atacantes remotos provocar una denegación de servicio (amplificación del tráfico) mediante una petición IAX2 FWDOWNL. • http://downloads.digium.com/pub/security/AST-2008-011.html http://secunia.com/advisories/31178 http://secunia.com/advisories/31194 http://secunia.com/advisories/34982 http://security.gentoo.org/glsa/glsa-200905-01.xml http://www.securityfocus.com/archive/1/494676/100/0/threaded http://www.securityfocus.com/bid/30350 http://www.securitytracker.com/id?1020536 http://www.vupen.com/english/advisories/2008/2168/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43955 https • CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 96%CPEs: 108EXPL: 3

CVE-2008-3263 – Asterisk 1.6 IAX - 'POKE' Requests Remote Denial of Service

https://notcve.org/view.php?id=CVE-2008-3263

The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests. La implementación del protocolo IAX2 en Asterisk Open Source versiones 1.0.x, versiones 1.2.x anteriores a 1.2.30 y versiones 1.4.x anteriores a 1.4.21.2; Business Edition versiones A.x.x, versiones B.x.x anteriores a B.2.5.4 y versiones C.x.x anteriores a C.1.10.3; AsteriskNOW; Appliance Developer Kit versiones 0.x.x; y s800i versiones 1.0.x anteriores a 1.2.0.1, permite a los atacantes remotos causar una denegación de servicio (agotamiento del número de llamadas y consumo de CPU) mediante el envío rápido de un gran número de peticiones POKE de IAX2 (IAX). • https://www.exploit-db.com/exploits/32095 http://downloads.digium.com/pub/security/AST-2008-010.html http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl http://secunia.com/advisories/31178 http://secunia.com/advisories/31194 http://secunia.com/advisories/34982 http://security.gentoo.org/glsa/glsa-200905-01.xml http://www.securityfocus.com/archive/1/494675/100/0/threaded http://www.securityfocus.com/bid/30321 http://www.securitytracker.com/id?1020535 http:// • CWE-399: Resource Management Errors •

1 2 3 4 5