Page 4 of 21 results (0.010 seconds)

CVSS: 7.5EPSS: 59%CPEs: 232EXPL: 0

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers. main/http.c en Asterisk Open Source 1.8.x anterior a 1.8.26.1, 11.8.x anterior a 11.8.1 y 12.1.x anterior a 12.1.1 y Certified Asterisk 1.8.x anterior a 1.8.15-cert5 y 11.6 anterior a 11.6-cert2, permite a atacantes remotos causar una denegación de servicio (consumo de pila) y posiblemente ejecutar código arbitrario a través de una solicitud HTTP con un número grande de cabeceras de cookies. • http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff http://downloads.asterisk.org/pub/security/AST-2014-001.html http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:078 http://www.securityfocus.com/bid/66093 https://issues.asterisk.org/jira/browse/ASTERISK-23340 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 1%CPEs: 206EXPL: 0

Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache. Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, y v11.x anteriores a v11.1.2; Certified Asterisk v1.8.11 anteriores a v1.8.11-cert10; y Asterisk Digiumphones v10.x-digiumphones anteriores a v10.11.1-digiumphones, cuando están permitidas las llamadas anónimas, permiten a atacantes remotos a provocar una denegación de servicio(consumo de recursos) haciendo llamadas anónimas desde múltiples fuentes y en consecuencia, añadir varias entradas a la caché de estado del dispositivo. • http://downloads.asterisk.org/pub/security/AST-2012-015 http://www.debian.org/security/2013/dsa-2605 https://issues.asterisk.org/jira/browse/ASTERISK-20175 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 59%CPEs: 206EXPL: 0

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol. Multiples vulnerabilidades de consumo en Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, y v11.x anteriores a v11.1.2; Certified Asterisk v1.8.11 anteriores a v1.8.11-cert10; y Asterisk Digiumphones 10.x-digiumphones anteriores a 10.11.1-digiumphones permite a atacantes remotos provocar una denegación de servicio (caíde del demonio) a través de datos TCP usando los protocolos (1) SIP, (2) HTTP, o (3) XMPP. • http://downloads.asterisk.org/pub/security/AST-2012-014 http://www.debian.org/security/2013/dsa-2605 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.0EPSS: 0%CPEs: 144EXPL: 0

channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. channels/chan_iax2.c en Asterisk Open Source v1.8.x antes de v1.8.15.1 y v10.x antes de v10.7.1, Certified Asterisk v1.8.11-1.8.11 antes de cert7, Digiumphones Asterisk v10.xx-digiumphones antes de v10.7.1-digiumphones y Asterisk Business Edition C.3.x antes de C.3.7.6 no hace cumplir las reglas de ACL durante ciertos usos del par de credenciales, lo que permite a usuarios remotos autenticados eludir las restricciones de llamadas de salida aprovechándose de la disponibilidad de estas credenciales. • http://downloads.asterisk.org/pub/security/AST-2012-013.html http://secunia.com/advisories/50687 http://secunia.com/advisories/50756 http://www.debian.org/security/2012/dsa-2550 http://www.securityfocus.com/bid/55335 http://www.securitytracker.com/id?1027461 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.0EPSS: 1%CPEs: 133EXPL: 0

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses. Asterisk Open Source v1.8.x anterior a v1.8.13.1 y v10.x anterior a v10.5.2, Asterisk Business Edition vC.3.x anterior a vC.3.7.5, Certified Asterisk v1.8.11-certx anterior a v1.8.11-cert4, y Asterisk Digiumphones v10.x.x-digiumphones anterior a v10.5.2-digiumphones no maneja una respuesta provisional a una petición SIP reINVITE de forma adecuada, lo que permite a atacantes remotos autenticados provocar una denegación de servicio (agotamiento de puerto RTP) a través de sesiones que carecen de repuestas finales. • http://downloads.asterisk.org/pub/security/AST-2012-010.html http://secunia.com/advisories/50687 http://secunia.com/advisories/50756 http://www.debian.org/security/2012/dsa-2550 http://www.securityfocus.com/bid/54327 https://issues.asterisk.org/jira/browse/ASTERISK-19992 • CWE-399: Resource Management Errors •