CVSS: 7.5EPSS: 3%CPEs: 50EXPL: 0CVE-2017-9372 – Debian Security Advisory 3933-1
https://notcve.org/view.php?id=CVE-2017-9372
02 Jun 2017 — PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter. PJSIP, tal como es usado en Asterisk Open Source versiones 13.x y anteriores a 13.15.1 y versiones 14.x y anteriores a 14.4.1, Certified Asterisk versión 13.13 y a... • http://downloads.asterisk.org/pub/security/AST-2017-002.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 42EXPL: 0CVE-2017-9359 – Debian Security Advisory 3933-1
https://notcve.org/view.php?id=CVE-2017-9359
02 Jun 2017 — The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. El analizador multi-part body en PJSIP, tal como es usado en Asterisk Open Source versiones 13.x y anteriores a 13.15.1 y versiones 14.x y anteriores a 14.4.1, Certified Asterisk versión 13.13 y anteriores a 13.13-ce... • http://downloads.asterisk.org/pub/security/AST-2017-003.txt • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 18%CPEs: 61EXPL: 0CVE-2017-7617
https://notcve.org/view.php?id=CVE-2017-7617
10 Apr 2017 — Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action. La ejecución remota de código puede ocurrir en Asterisk Open Source 13.x en versiones anteriores a 13.14.1 y 14.x en versiones anteriores a 14.3.1 y Asterisk certificado 13.13 en versiones anteriores a 13.13-cert3 debido a ... • http://downloads.asterisk.org/pub/security/AST-2017-001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 1%CPEs: 146EXPL: 0CVE-2016-9938
https://notcve.org/view.php?id=CVE-2016-9938
12 Dec 2016 — An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that ... • http://downloads.asterisk.org/pub/security/AST-2016-009.html • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 6%CPEs: 113EXPL: 0CVE-2016-7551 – Debian Security Advisory 3700-1
https://notcve.org/view.php?id=CVE-2016-7551
26 Oct 2016 — chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion). chain_sip en Asterisk Open Source 11.x en versiones anteriores a 11.23.1 y 13.x 13.11.1 y Certified Asterisk 11.6 en versiones anteriores a 11.6-cert15 y 13.8 en versiones anteriores a 13.8-cert3 permite a atacantes remotos provocar una denegación de servicio (agotamiento portuario) Multiple vu... • http://downloads.asterisk.org/pub/security/AST-2016-007.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 7%CPEs: 288EXPL: 0CVE-2016-2232 – Debian Security Advisory 3700-1
https://notcve.org/view.php?id=CVE-2016-2232
22 Feb 2016 — Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost. Asterisk Open Source 1.8.x, 11.x en versiones anteriores a 11.21.1, 12.x y 13.x en versiones anteriores a 13.7.1 y Certified Asterisk 1.8.28, 11.6 en ver... • http://downloads.asterisk.org/pub/security/AST-2016-003.html •
CVSS: 7.1EPSS: 0%CPEs: 290EXPL: 1CVE-2016-2316 – Debian Security Advisory 3700-1
https://notcve.org/view.php?id=CVE-2016-2316
22 Feb 2016 — chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values. chan_sip en Asterisk Open Source 1.8.x, 11.x en versiones anteriores a 11.21.1, 12.x y 13.x en versiones anteriores a 13.7... • http://downloads.asterisk.org/pub/security/AST-2016-002.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.5EPSS: 39%CPEs: 322EXPL: 0CVE-2015-3008 – Debian Security Advisory 3700-1
https://notcve.org/view.php?id=CVE-2015-3008
09 Apr 2015 — Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. As... • http://advisories.mageia.org/MGASA-2015-0153.html • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 17%CPEs: 34EXPL: 0CVE-2015-1558
https://notcve.org/view.php?id=CVE-2015-1558
09 Feb 2015 — Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs. Asterisk Open Source 12.x anterior a 12.8.1 y 13.x anterior a 13.1.1, cuando utiliza el controlador de canales PJSIP, no recupera correctamente los puertos RTP, lo que permite a usuarios remotos autenticados causar una de... • http://downloads.asterisk.org/pub/security/AST-2015-001.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 1%CPEs: 144EXPL: 0CVE-2012-4737 – Debian Security Advisory 2550-2
https://notcve.org/view.php?id=CVE-2012-4737
30 Aug 2012 — channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. channels/chan_iax2.c en Asterisk Open Source v... • http://downloads.asterisk.org/pub/security/AST-2012-013.html • CWE-264: Permissions, Privileges, and Access Controls •