CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2012-1183 – Gentoo Linux Security Advisory 201203-21
https://notcve.org/view.php?id=CVE-2012-1183
29 Mar 2012 — Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet. Vulnerabilidad de desboramiento de buffer basado en memoria dinámica en la función milliwatt_generate en main/utils.c en Asterisk ... • http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 195EXPL: 0CVE-2011-2535 – Debian Security Advisory 2276-2
https://notcve.org/view.php?id=CVE-2011-2535
06 Jul 2011 — chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. chan_iax2.c en el controlador de canal IAX2 en Asterisk Open Source v1.4.x anteriores a v1.4.41.1, v1.6.2.x anteriores a v... • http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 198EXPL: 0CVE-2011-2536 – Gentoo Linux Security Advisory 201110-21
https://notcve.org/view.php?id=CVE-2011-2536
29 Jun 2011 — chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.4.x anteriores a v1.4.41.2,... • http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 224EXPL: 0CVE-2011-1599 – Debian Security Advisory 2225-1
https://notcve.org/view.php?id=CVE-2011-1599
27 Apr 2011 — manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header. manager.c en la interfaz de administrador de Asterisk Open Source v1.4.x antes de v1.4.40.... • http://downloads.digium.com/pub/security/AST-2011-006.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 224EXPL: 0CVE-2011-1507 – Debian Security Advisory 2225-1
https://notcve.org/view.php?id=CVE-2011-1507
21 Apr 2011 — Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections. Asterisk Open Source v1.4.x antes de v1.4.40.1, v1.6.1.x antes de v1.6.1.25, v1.6.2.x antes v1.6.2.17.3, y v1.8.x a... • http://downloads.digium.com/pub/security/AST-2011-005.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 2%CPEs: 203EXPL: 0CVE-2011-1147 – Debian Security Advisory 2225-1
https://notcve.org/view.php?id=CVE-2011-1147
15 Mar 2011 — Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet. Múltiples desbor... • http://downloads.asterisk.org/pub/security/AST-2011-002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2011-0495 – Debian Security Advisory 2171-1
https://notcve.org/view.php?id=CVE-2011-0495
20 Jan 2011 — Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function. Desbordamiento de búfer basado en pila en la función ast_uri_encode, ... • http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 126EXPL: 1CVE-2010-0685
https://notcve.org/view.php?id=CVE-2010-0685
23 Feb 2010 — The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this... • http://downloads.digium.com/pub/security/AST-2010-002.html •
CVSS: 7.5EPSS: 3%CPEs: 53EXPL: 0CVE-2010-0441 – Asterisk Project Security Advisory - AST-2010-001
https://notcve.org/view.php?id=CVE-2010-0441
03 Feb 2010 — Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number. Asterisk Open Source v1.6.0.x anterior v1.6.0.22, v1.6.1.x anterior v1.6.1.14, y v1.6.2.x anterior v1.6.2.2, y Business Edition vC.3 ant... • http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 220EXPL: 5CVE-2009-4055 – Debian Linux Security Advisory 1952-1
https://notcve.org/view.php?id=CVE-2009-4055
01 Dec 2009 — rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length. rtp.c en Asterisk Open Source v1.2.x anterior a v1.2.37, v1.4.x anterior a v1.4.27.1, v1.6.0.x anterior a v1.6.0.19, y v1.6.1.x anterio... • http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt •