CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2007-2488 – Debian Linux Security Advisory 1358-1
https://notcve.org/view.php?id=CVE-2007-2488
07 May 2007 — The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte. El controlador del canal IAX2 (chan_iax2) en Asterisk anterior a 20070504 no anula correctamente los datos terminales, lo cual permite a atacantes remotos disparar la pérdida de datos transmit... • http://ftp.digium.com/pub/asa/ASA-2007-013.pdf •
CVSS: 7.8EPSS: 4%CPEs: 37EXPL: 0CVE-2007-1594 – Gentoo Linux Security Advisory 200704-1
https://notcve.org/view.php?id=CVE-2007-1594
22 Mar 2007 — The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet. La función handle_response en chan_sip.c de Asterisk before 1.2.17 y 1.4.x versiones anteriores a 1.4.2 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una respuesta SIP código 0 en un paquete SIP. The Madynes research team at INRIA has discovered that Asterisk contains a null point... • http://bugs.digium.com/view.php?id=9313 •
CVSS: 9.8EPSS: 86%CPEs: 26EXPL: 2CVE-2006-5444 – Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-5444
23 Oct 2006 — Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. Desbordamiento de entero en la función get_input en el controlador de canal Skinny (chan_skinny.c) en Asterisk 1.0.x anteriores a 1.0.12 y 1.2.x anteriores a 1.2.13, utilizados en... • https://www.exploit-db.com/exploits/2597 •
CVSS: 9.8EPSS: 5%CPEs: 20EXPL: 0CVE-2006-4345
https://notcve.org/view.php?id=CVE-2006-4345
24 Aug 2006 — Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response. Desbordamiento de búfer basado en pila en channels/chan_mgcp.c de MGCP en Asterisk 1.0 hasta 1.2.10 permite a atacantes remotos ejecutar código de su elección mediante una respuesta de fin de auditoría (audit endpoint) (AUEP) manipulada. • http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11 •
CVSS: 9.8EPSS: 3%CPEs: 38EXPL: 1CVE-2006-1827 – Debian Linux Security Advisory 1048-1
https://notcve.org/view.php?id=CVE-2006-1827
18 Apr 2006 — Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length. Several problems have been discovered in Asterisk, an Open Source Private Branch Exchange (telephone control center). Adam Pointon discovered that due to missing input sanitizing it is possible to retrieve recorded phone messages for a different extens... • http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz •
CVSS: 7.5EPSS: 5%CPEs: 33EXPL: 2CVE-2005-3559 – Asterisk 0.x/1.0/1.2 Voicemail - Unauthorized Access
https://notcve.org/view.php?id=CVE-2005-3559
16 Nov 2005 — Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter. Several problems have been discovered in Asterisk, an Open Source Private Branch Exchange (telephone control center). Adam Pointon discovered that due to missing input sanitizing it is possible to retrieve recorded phone messages for a different extension. Emmanouel Kellinis discovered an integer signedness error that could trigger a buf... • https://www.exploit-db.com/exploits/26475 •