CVSS: 7.5EPSS: 1%CPEs: 137EXPL: 0CVE-2008-1923
https://notcve.org/view.php?id=CVE-2008-1923
23 Apr 2008 — The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message. El IAX2 channel driver (chan_iax2) en Asterisk 1.2 anterior a la revisión 72630 y 1.4 anterior a la revisión 65679, cuando está configurado para permitir llamadas sin autentica... • http://bugs.digium.com/view.php?id=10078 • CWE-16: Configuration •
CVSS: 9.3EPSS: 1%CPEs: 40EXPL: 0CVE-2008-1390
https://notcve.org/view.php?id=CVE-2008-1390
24 Mar 2008 — The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses. El servidor AsteriskGUI HTTP en Asterisk Open Source 1.4.x antes de 1.4.19-rc3 y 1.6.x antes de 1.6.0-beta6, Busin... • http://downloads.digium.com/pub/security/AST-2008-005.html • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 46EXPL: 0CVE-2007-6430
https://notcve.org/view.php?id=CVE-2007-6430
20 Dec 2007 — Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username. Asterisk Open Source 1.2.x anterior a 1.2.26 y 1.4.x anterior a 1.4.16, y Business Edition B.x.x anterior a B.2.3.6 y C.x.x an... • http://downloads.digium.com/pub/security/AST-2007-027.html • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2007-6170
https://notcve.org/view.php?id=CVE-2007-6170
30 Nov 2007 — SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments. Vulnerabilidad de inyección SQL en el motor de registro Call Detail Record Postgres (cdr_pgsql) de Asterisk 1.4.x anterior a 1.4.15, 1.2.x anterior a 1.2.25, B.x anterior a B.2.3.4, y C.x anterior a C.1.0-beta6 permit... • http://downloads.digium.com/pub/security/AST-2007-026.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2007-6171
https://notcve.org/view.php?id=CVE-2007-6171
30 Nov 2007 — SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Vulnerabilidad de inyección SQL en Postgres Realtime Engine (res_config_pgsql) de Asterisk 1.4.x anterior a 1.4.15 y C.x before C.1.0-beta6 permite a atacantes remotos ejecutar comandos SQL de su elección mediante vectores desconocidos. • http://downloads.digium.com/pub/security/AST-2007-025.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 0CVE-2007-5358
https://notcve.org/view.php?id=CVE-2007-5358
12 Oct 2007 — Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files. Múltiples desbordamientos de búfer en la funcionalidad de voice... • http://downloads.digium.com/pub/security/AST-2007-022.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 5%CPEs: 3EXPL: 0CVE-2007-4455
https://notcve.org/view.php?id=CVE-2007-4455
22 Aug 2007 — The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created. El controlador de canal SIP (chan_sip) en Asterisk Open Source 1.4.x anterior a 1.4.11, AsteriskNOW anterior a beta7, Asterisk Appliance Developer Kit 0.x an... • http://downloads.digium.com/pub/asa/AST-2007-020.html •
CVSS: 6.5EPSS: 2%CPEs: 4EXPL: 0CVE-2007-4280
https://notcve.org/view.php?id=CVE-2007-4280
09 Aug 2007 — The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population. El dispositivo de canal Skinny (chan_skinny) en el Asterisk Open Source anterior al 1.4.10, el AsteriskNOW anterior al beta7, el A... • http://downloads.digium.com/pub/asa/ASA-2007-019.pdf •
CVSS: 7.8EPSS: 3%CPEs: 3EXPL: 0CVE-2007-4103
https://notcve.org/view.php?id=CVE-2007-4103
31 Jul 2007 — The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released. El controlador de canal IAX2 (chan_iax2) de Asterisk Open 1.2.x anterior a 1.2.23, 1.4.x anterior a 1.4.9, y Asterisk App... • http://bugs.gentoo.org/show_bug.cgi?id=185713 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 9.8EPSS: 9%CPEs: 36EXPL: 0CVE-2007-3762
https://notcve.org/view.php?id=CVE-2007-3762
18 Jul 2007 — Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame. Desbordamiento de búfer basado en pila en el controlador de canal IAX2 (chan_iax2) de Asterisk anterior a 1.2.22 y 1.4.x anterior a 1.4.8, Business Edition anterior a B.2.2.... • http://bugs.gentoo.org/show_bug.cgi?id=185713 •