CVSS: 7.5EPSS: 0%CPEs: 220EXPL: 5CVE-2009-4055 – Debian Linux Security Advisory 1952-1
https://notcve.org/view.php?id=CVE-2009-4055
01 Dec 2009 — rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length. rtp.c en Asterisk Open Source v1.2.x anterior a v1.2.37, v1.4.x anterior a v1.4.27.1, v1.6.0.x anterior a v1.6.0.19, y v1.6.1.x anterio... • http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt •
CVSS: 5.3EPSS: 0%CPEs: 215EXPL: 0CVE-2009-3727 – Debian Linux Security Advisory 1952-1
https://notcve.org/view.php?id=CVE-2009-3727
10 Nov 2009 — Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Diges... • http://downloads.asterisk.org/pub/security/AST-2009-008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 192EXPL: 0CVE-2009-2346 – Asterisk Project Security Advisory - AST-2009-006
https://notcve.org/view.php?id=CVE-2009-2346
04 Sep 2009 — The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263. La implementación del protocolo IAX2 en Asterisk Open Source v1.2.x antes de v1.2.35... • http://downloads.asterisk.org/pub/security/AST-2009-006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 30%CPEs: 9EXPL: 1CVE-2009-2726 – Asterisk Project Security Advisory - Driver Crash
https://notcve.org/view.php?id=CVE-2009-2726
11 Aug 2009 — The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal char... • http://downloads.digium.com/pub/security/AST-2009-005.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 2%CPEs: 30EXPL: 0CVE-2009-0871
https://notcve.org/view.php?id=CVE-2009-0871
11 Mar 2009 — The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions. El controlador de canal SIP en Asterisk Open Source v1.4.22, v1.4.23, y v1.4.23.1; v1.6.... • http://bugs.digium.com/view.php?id=13547 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 11%CPEs: 122EXPL: 0CVE-2008-3264 – AST-2008-011.txt
https://notcve.org/view.php?id=CVE-2008-3264
23 Jul 2008 — The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request. La implementación FWDOWNL firmware-download en Asterisk Open Source 1.0.x, 1.2.x antes de 1.2.30 y 1.4.x antes de 1.4.21.2; Business E... • http://downloads.digium.com/pub/security/AST-2008-011.html • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 51%CPEs: 108EXPL: 3CVE-2008-3263 – Asterisk 1.6 IAX - 'POKE' Requests Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-3263
22 Jul 2008 — The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests. La implementación del protocolo IAX2 en Asterisk Open Source versiones 1.0.x, versiones 1.2... • https://www.exploit-db.com/exploits/32095 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 3%CPEs: 145EXPL: 0CVE-2008-1897 – AST-2008-006.txt
https://notcve.org/view.php?id=CVE-2008-1897
23 Apr 2008 — The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a... • http://bugs.digium.com/view.php?id=10078 • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 1%CPEs: 109EXPL: 0CVE-2008-1332 – Gentoo Linux Security Advisory 200804-13
https://notcve.org/view.php?id=CVE-2008-1332
19 Mar 2008 — Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header. Vulnerabilidad no especificada en Asterisk Open Source versiones 1.2.x anteriores a 1.2.27, 1.4.x anteriores a 1.4.18.1 y 1.4.19-rc... • http://downloads.digium.com/pub/security/AST-2008-003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 3%CPEs: 40EXPL: 0CVE-2008-1390 – AST-2008-005.txt
https://notcve.org/view.php?id=CVE-2008-1390
19 Mar 2008 — The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses. El servidor AsteriskGUI HTTP en Asterisk Open Source 1.4.x antes de 1.4.19-rc3 y 1.6.x antes de 1.6.0-beta6, Busin... • http://downloads.digium.com/pub/security/AST-2008-005.html • CWE-255: Credentials Management Errors •