CVSS: 9.0EPSS: 0%CPEs: 117EXPL: 0CVE-2012-2186
https://notcve.org/view.php?id=CVE-2012-2186
31 Aug 2012 — Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action. Vulnerabilidad de lista negra incompleta en main/manager.c ... • http://downloads.asterisk.org/pub/security/AST-2012-012.html •
CVSS: 6.5EPSS: 7%CPEs: 130EXPL: 0CVE-2012-3812
https://notcve.org/view.php?id=CVE-2012-3812
09 Jul 2012 — Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox. vulnerabilidad de doble liberación en apps/app_voicemail.c en Asterisk Open Source ... • http://downloads.asterisk.org/pub/security/AST-2012-011.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 7%CPEs: 133EXPL: 0CVE-2012-3863
https://notcve.org/view.php?id=CVE-2012-3863
09 Jul 2012 — channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses. Asterisk Open Source v1.8.x anterior a v1.... • http://downloads.asterisk.org/pub/security/AST-2012-010.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 4%CPEs: 105EXPL: 0CVE-2012-2947
https://notcve.org/view.php?id=CVE-2012-2947
02 Jun 2012 — chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold. chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Certified Asterisk 1.8.11-cert antes de v1.8.11-cert2 y Asterisk Open Source v1.8.x antes de v1.8.12.1 y v10.x antes de v10.4.1, cuando un... • http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 3%CPEs: 72EXPL: 0CVE-2012-2948
https://notcve.org/view.php?id=CVE-2012-2948
02 Jun 2012 — chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode. chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Certified Asterisk 1.8.11-cert antes de v1.8.11-cert2 y Asterisk Open Source v1.8.x antes de v1.8.12.1 y v10.x antes d... • http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html • CWE-399: Resource Management Errors •