CVSS: 7.5EPSS: 6%CPEs: 13EXPL: 0CVE-2014-4048 – Asterisk Project Security Advisory - AST-2014-008
https://notcve.org/view.php?id=CVE-2014-4048
13 Jun 2014 — The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout. El controlador de canales PJSIP en Asterisk Open Source anterior a 12.3.1 permite a atacantes remotos causar una denegación de servicio (bloqueo) mediante la terminación de una solicitud de suscripción antes de que se haya completado, lo que provoca un timeout de la transacción SIP... • http://downloads.asterisk.org/pub/security/AST-2014-008.html •
CVSS: 9.1EPSS: 46%CPEs: 232EXPL: 0CVE-2014-2286 – Mandriva Linux Security Advisory 2014-078
https://notcve.org/view.php?id=CVE-2014-2286
11 Mar 2014 — main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers. main/http.c en Asterisk Open Source 1.8.x anterior a 1.8.26.1, 11.8.x anterior a 11.8.1 y 12.1.x anterior a 12.1.1 y Certified Asterisk 1.8.x anterior a 1.8.15-... • http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 27%CPEs: 232EXPL: 0CVE-2014-2287 – Mandriva Linux Security Advisory 2014-078
https://notcve.org/view.php?id=CVE-2014-2287
11 Mar 2014 — channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value. channels/chan_sip.c en Asterisk Open Source 1.8.x anterior a 1.8.2... • http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 29%CPEs: 5EXPL: 0CVE-2014-2288 – Asterisk Project Security Advisory - AST-2014-003
https://notcve.org/view.php?id=CVE-2014-2288
11 Mar 2014 — The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request. El controlador de canal PJSIP en Asterisk Open Source 12.x anterior a 12.1.1, cuando qualify_frequency "está habilitado en un AOR y el servidor SIP remoto desafía para autent... • http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 17%CPEs: 4EXPL: 0CVE-2014-2289 – Gentoo Linux Security Advisory 201405-05
https://notcve.org/view.php?id=CVE-2014-2289
11 Mar 2014 — res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference. res/res_pjsip_exten_state.c en el controlador de canal PJSIP en Asterisk Open Source 12.x anterior a 12.1.0 permite a usuarios remotos autenticados causar una denegaci´´on de servicio (caída) a través de una solicitud SUBSCRIBE sin cabeceras A... • http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 81EXPL: 1CVE-2013-7100 – Debian Security Advisory 2835-1
https://notcve.org/view.php?id=CVE-2013-7100
19 Dec 2013 — Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop. Desbordamiento de búfer en la función unpacksms16 en ... • http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 8%CPEs: 57EXPL: 0CVE-2013-5641 – Mandriva Linux Security Advisory 2013-223
https://notcve.org/view.php?id=CVE-2013-5641
30 Aug 2013 — The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information. El controlador de canal SIP (channel/chan_sip... • http://archives.neohapsis.com/archives/bugtraq/2013-08/0175.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 24%CPEs: 81EXPL: 0CVE-2013-5642 – Mandriva Linux Security Advisory 2013-223
https://notcve.org/view.php?id=CVE-2013-5642
30 Aug 2013 — The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request. El cont... • http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 206EXPL: 0CVE-2012-5977 – Gentoo Linux Security Advisory 201401-15
https://notcve.org/view.php?id=CVE-2012-5977
04 Jan 2013 — Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache. Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, ... • http://downloads.asterisk.org/pub/security/AST-2012-015 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 29%CPEs: 206EXPL: 0CVE-2012-5976 – Gentoo Linux Security Advisory 201401-15
https://notcve.org/view.php?id=CVE-2012-5976
04 Jan 2013 — Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol. Multiples vulnerabilidades de consumo en Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, y v1... • http://downloads.asterisk.org/pub/security/AST-2012-014 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •