CVSS: 7.5EPSS: 7%CPEs: 13EXPL: 0CVE-2014-4045 – Asterisk Project Security Advisory - AST-2014-005
https://notcve.org/view.php?id=CVE-2014-4045
13 Jun 2014 — The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device. El Framework Publish/Subscribe en el controlador de canales PJSIP en Asterisk Open Source 12.x anterior a 12.3.1, cuando sub_min_expiry esté configurado a cero, permite a atacantes remotos causar una denegación de servicio (fal... • http://downloads.asterisk.org/pub/security/AST-2014-005.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 11%CPEs: 217EXPL: 0CVE-2014-4047 – Asterisk Project Security Advisory - AST-2014-007
https://notcve.org/view.php?id=CVE-2014-4047
13 Jun 2014 — Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections. Asterisk Open Source 1.8.x anterior a 1.8.28.1, 11.x anterior a 11.10.1 y 12.x anterior a 12.3.1 y Certified Asterisk 1.8.15 anterior a 1.8.15-cert6 y 11.6 anterior a 11.6-cert3 permiten a atacantes... • http://downloads.asterisk.org/pub/security/AST-2014-007.html •
CVSS: 6.5EPSS: 27%CPEs: 232EXPL: 0CVE-2014-2287 – Mandriva Linux Security Advisory 2014-078
https://notcve.org/view.php?id=CVE-2014-2287
11 Mar 2014 — channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value. channels/chan_sip.c en Asterisk Open Source 1.8.x anterior a 1.8.2... • http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 17%CPEs: 4EXPL: 0CVE-2014-2289 – Gentoo Linux Security Advisory 201405-05
https://notcve.org/view.php?id=CVE-2014-2289
11 Mar 2014 — res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference. res/res_pjsip_exten_state.c en el controlador de canal PJSIP en Asterisk Open Source 12.x anterior a 12.1.0 permite a usuarios remotos autenticados causar una denegaci´´on de servicio (caída) a través de una solicitud SUBSCRIBE sin cabeceras A... • http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 46%CPEs: 232EXPL: 0CVE-2014-2286 – Mandriva Linux Security Advisory 2014-078
https://notcve.org/view.php?id=CVE-2014-2286
11 Mar 2014 — main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers. main/http.c en Asterisk Open Source 1.8.x anterior a 1.8.26.1, 11.8.x anterior a 11.8.1 y 12.1.x anterior a 12.1.1 y Certified Asterisk 1.8.x anterior a 1.8.15-... • http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 29%CPEs: 5EXPL: 0CVE-2014-2288 – Asterisk Project Security Advisory - AST-2014-003
https://notcve.org/view.php?id=CVE-2014-2288
11 Mar 2014 — The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request. El controlador de canal PJSIP en Asterisk Open Source 12.x anterior a 12.1.1, cuando qualify_frequency "está habilitado en un AOR y el servidor SIP remoto desafía para autent... • http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 144EXPL: 0CVE-2012-4737 – Debian Security Advisory 2550-2
https://notcve.org/view.php?id=CVE-2012-4737
30 Aug 2012 — channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. channels/chan_iax2.c en Asterisk Open Source v... • http://downloads.asterisk.org/pub/security/AST-2012-013.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 195EXPL: 0CVE-2011-2535 – Debian Security Advisory 2276-2
https://notcve.org/view.php?id=CVE-2011-2535
06 Jul 2011 — chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. chan_iax2.c en el controlador de canal IAX2 en Asterisk Open Source v1.4.x anteriores a v1.4.41.1, v1.6.2.x anteriores a v... • http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 198EXPL: 0CVE-2011-2536 – Gentoo Linux Security Advisory 201110-21
https://notcve.org/view.php?id=CVE-2011-2536
29 Jun 2011 — chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.4.x anteriores a v1.4.41.2,... • http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 224EXPL: 0CVE-2011-1599 – Debian Security Advisory 2225-1
https://notcve.org/view.php?id=CVE-2011-1599
27 Apr 2011 — manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header. manager.c en la interfaz de administrador de Asterisk Open Source v1.4.x antes de v1.4.40.... • http://downloads.digium.com/pub/security/AST-2011-006.html • CWE-20: Improper Input Validation •