Page 6 of 36 results (0.021 seconds)

CVSS: 3.5EPSS: 93%CPEs: 4EXPL: 0

The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population. El dispositivo de canal Skinny (chan_skinny) en el Asterisk Open Source anterior al 1.4.10, el AsteriskNOW anterior al beta7, el Appliance Developer Kit anterior al 0.7.0 y el Appliance s800i before 1.0.3 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través del paquete CAPABILITIES_RES_MESSAGE con una capacidad de escrutinio mayor que el array capabilities_res_message de población. • http://downloads.digium.com/pub/asa/ASA-2007-019.pdf http://secunia.com/advisories/26340 http://www.securityfocus.com/bid/25228 http://www.securitytracker.com/id?1018536 http://www.vupen.com/english/advisories/2007/2808 https://exchange.xforce.ibmcloud.com/vulnerabilities/35870 •

CVSS: 5.0EPSS: 4%CPEs: 36EXPL: 0

The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port. La implementación STUN en Asterisk 1.4.x anterior a 1.4.8, AsteriskNOW anterior a beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos provocar denegación de servicio (caida) a través de una longitud de atributo manipulado STUN en un paquete STUN enviado a un puerto RTP. • http://ftp.digium.com/pub/asa/ASA-2007-017.pdf http://secunia.com/advisories/26099 http://www.securityfocus.com/bid/24950 http://www.securitytracker.com/id?1018407 http://www.vupen.com/english/advisories/2007/2563 https://exchange.xforce.ibmcloud.com/vulnerabilities/35480 •

CVSS: 5.0EPSS: 97%CPEs: 36EXPL: 1

The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy." El controlador de canal Skinny (chan_skinny) en Asterisk anterior a 1.2.22 y 1.4.x anterior a 1.4.8, Business Edition anterior a B.2.2.1, AsteriskNOW anterior a la beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos provocar denegación de servicio (caida) a través de ciertos valores de longitudes de datos en un paquete manipulado, lo cual deriva en un "copia de memoria demasiado larga". • https://www.exploit-db.com/exploits/4196 http://bugs.gentoo.org/show_bug.cgi?id=185713 http://ftp.digium.com/pub/asa/ASA-2007-016.pdf http://secunia.com/advisories/26099 http://secunia.com/advisories/29051 http://security.gentoo.org/glsa/glsa-200802-11.xml http://www.debian.org/security/2007/dsa-1358 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/bid/24950 http://www.securitytracker.com/id?1018407 http://www •

CVSS: 5.0EPSS: 95%CPEs: 36EXPL: 1

The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable. El gestor de dispositivo de canal IAX2 (chan_iax2) en Asterisk versiones anteriores a 1.2.22 y 1.4.x versiones anteriores a 1.4.8, Business Edition versiones anteriores a B.2.2.1, AsteriskNOW versiones anteriores a beta7, Appliance Developer Kit versiones anteriores a 0.5.0, y s800i versiones anteriores a 1.0.2 permite a atacantes remotos provocar una denegación de servicio (caída) mediante tramas (1) LAGRQ ó (2) LAGRP que contienen elementos de información de tramas IAX, que resulta en una referencia a puntero NULL cuando Asterisk no asigna apropiadamente una variable asociado. • https://www.exploit-db.com/exploits/4249 http://bugs.gentoo.org/show_bug.cgi?id=185713 http://ftp.digium.com/pub/asa/ASA-2007-015.pdf http://secunia.com/advisories/26099 http://secunia.com/advisories/29051 http://security.gentoo.org/glsa/glsa-200802-11.xml http://www.debian.org/security/2007/dsa-1358 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/bid/24950 http://www.securitytracker.com/id?1018407 http://www •

CVSS: 9.3EPSS: 18%CPEs: 36EXPL: 0

Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame. Desbordamiento de búfer basado en pila en el controlador de canal IAX2 (chan_iax2) de Asterisk anterior a 1.2.22 y 1.4.x anterior a 1.4.8, Business Edition anterior a B.2.2.1, AsteriskNOW anterior a beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos ejecutar código de su elección enviando una trama RTP larga de (1) voz o (2) vídeo. • http://bugs.gentoo.org/show_bug.cgi?id=185713 http://ftp.digium.com/pub/asa/ASA-2007-014.pdf http://secunia.com/advisories/26099 http://secunia.com/advisories/29051 http://security.gentoo.org/glsa/glsa-200802-11.xml http://www.debian.org/security/2007/dsa-1358 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/bid/24949 http://www.securitytracker.com/id?1018407 http://www.vupen.com/english/advisories/2007/2563 https:&# •