CVSS: 7.8EPSS: 4%CPEs: 37EXPL: 0CVE-2007-1594 – Gentoo Linux Security Advisory 200704-1
https://notcve.org/view.php?id=CVE-2007-1594
22 Mar 2007 — The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet. La función handle_response en chan_sip.c de Asterisk before 1.2.17 y 1.4.x versiones anteriores a 1.4.2 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una respuesta SIP código 0 en un paquete SIP. The Madynes research team at INRIA has discovered that Asterisk contains a null point... • http://bugs.digium.com/view.php?id=9313 •
CVSS: 9.8EPSS: 86%CPEs: 26EXPL: 2CVE-2006-5444 – Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-5444
23 Oct 2006 — Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. Desbordamiento de entero en la función get_input en el controlador de canal Skinny (chan_skinny.c) en Asterisk 1.0.x anteriores a 1.0.12 y 1.2.x anteriores a 1.2.13, utilizados en... • https://www.exploit-db.com/exploits/2597 •
CVSS: 9.8EPSS: 5%CPEs: 20EXPL: 0CVE-2006-4345
https://notcve.org/view.php?id=CVE-2006-4345
24 Aug 2006 — Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response. Desbordamiento de búfer basado en pila en channels/chan_mgcp.c de MGCP en Asterisk 1.0 hasta 1.2.10 permite a atacantes remotos ejecutar código de su elección mediante una respuesta de fin de auditoría (audit endpoint) (AUEP) manipulada. • http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11 •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2006-2898 – Debian Linux Security Advisory 1126-1
https://notcve.org/view.php?id=CVE-2006-2898
07 Jun 2006 — The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable. A problem has been discovered in the IAX2 channel driver of Asterisk, an Open Source Private B... • http://secunia.com/advisories/20497 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 38EXPL: 1CVE-2006-1827 – Debian Linux Security Advisory 1048-1
https://notcve.org/view.php?id=CVE-2006-1827
18 Apr 2006 — Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length. Several problems have been discovered in Asterisk, an Open Source Private Branch Exchange (telephone control center). Adam Pointon discovered that due to missing input sanitizing it is possible to retrieve recorded phone messages for a different extens... • http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz •
CVSS: 7.5EPSS: 5%CPEs: 33EXPL: 2CVE-2005-3559 – Asterisk 0.x/1.0/1.2 Voicemail - Unauthorized Access
https://notcve.org/view.php?id=CVE-2005-3559
16 Nov 2005 — Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter. Several problems have been discovered in Asterisk, an Open Source Private Branch Exchange (telephone control center). Adam Pointon discovered that due to missing input sanitizing it is possible to retrieve recorded phone messages for a different extension. Emmanouel Kellinis discovered an integer signedness error that could trigger a buf... • https://www.exploit-db.com/exploits/26475 •