CVSS: 7.5EPSS: 8%CPEs: 57EXPL: 0CVE-2013-5641 – Mandriva Linux Security Advisory 2013-223
https://notcve.org/view.php?id=CVE-2013-5641
30 Aug 2013 — The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information. El controlador de canal SIP (channel/chan_sip... • http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 24%CPEs: 81EXPL: 0CVE-2013-5642 – Mandriva Linux Security Advisory 2013-223
https://notcve.org/view.php?id=CVE-2013-5642
30 Aug 2013 — The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request. El cont... • http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 235EXPL: 0CVE-2013-2264 – Gentoo Linux Security Advisory 201401-15
https://notcve.org/view.php?id=CVE-2013-2264
29 Mar 2013 — The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2)... • http://downloads.asterisk.org/pub/security/AST-2013-003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 2%CPEs: 232EXPL: 0CVE-2013-2686 – Gentoo Linux Security Advisory 201401-15
https://notcve.org/view.php?id=CVE-2013-2686
29 Mar 2013 — main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-59... • http://downloads.asterisk.org/pub/security/AST-2013-002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 206EXPL: 0CVE-2012-5977 – Gentoo Linux Security Advisory 201401-15
https://notcve.org/view.php?id=CVE-2012-5977
04 Jan 2013 — Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache. Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, ... • http://downloads.asterisk.org/pub/security/AST-2012-015 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 29%CPEs: 206EXPL: 0CVE-2012-5976 – Gentoo Linux Security Advisory 201401-15
https://notcve.org/view.php?id=CVE-2012-5976
04 Jan 2013 — Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol. Multiples vulnerabilidades de consumo en Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, y v1... • http://downloads.asterisk.org/pub/security/AST-2012-014 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 144EXPL: 0CVE-2012-4737
https://notcve.org/view.php?id=CVE-2012-4737
31 Aug 2012 — channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. channels/chan_iax2.c en Asterisk Open Source v... • http://downloads.asterisk.org/pub/security/AST-2012-013.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 117EXPL: 0CVE-2012-2186
https://notcve.org/view.php?id=CVE-2012-2186
31 Aug 2012 — Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action. Vulnerabilidad de lista negra incompleta en main/manager.c ... • http://downloads.asterisk.org/pub/security/AST-2012-012.html •
CVSS: 6.5EPSS: 7%CPEs: 130EXPL: 0CVE-2012-3812
https://notcve.org/view.php?id=CVE-2012-3812
09 Jul 2012 — Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox. vulnerabilidad de doble liberación en apps/app_voicemail.c en Asterisk Open Source ... • http://downloads.asterisk.org/pub/security/AST-2012-011.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 7%CPEs: 133EXPL: 0CVE-2012-3863
https://notcve.org/view.php?id=CVE-2012-3863
09 Jul 2012 — channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses. Asterisk Open Source v1.8.x anterior a v1.... • http://downloads.asterisk.org/pub/security/AST-2012-010.html • CWE-399: Resource Management Errors •