CVSS: 7.5EPSS: 7%CPEs: 5EXPL: 0CVE-2012-1183
https://notcve.org/view.php?id=CVE-2012-1183
18 Sep 2012 — Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet. Vulnerabilidad de desboramiento de buffer basado en memoria dinámica en la función milliwatt_generate en main/utils.c en Asterisk ... • http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 96%CPEs: 81EXPL: 1CVE-2012-1184 – Asterisk - 'ast_parse_digest()' Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2012-1184
18 Sep 2012 — Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header. Vulnerabilidad de desboramiento de buffer basado en memoria dinámica en la función ast_parse_digest en main/utils.c en Asterisk v1.8.x antes de v1.8.10.1 y v10.x antes de v10.2.1, permite a atacantes remotos provocar una de... • https://www.exploit-db.com/exploits/18855 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 144EXPL: 0CVE-2012-4737
https://notcve.org/view.php?id=CVE-2012-4737
31 Aug 2012 — channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. channels/chan_iax2.c en Asterisk Open Source v... • http://downloads.asterisk.org/pub/security/AST-2012-013.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 1%CPEs: 130EXPL: 0CVE-2012-3812
https://notcve.org/view.php?id=CVE-2012-3812
09 Jul 2012 — Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox. vulnerabilidad de doble liberación en apps/app_voicemail.c en Asterisk Open Source ... • http://downloads.asterisk.org/pub/security/AST-2012-011.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 1%CPEs: 133EXPL: 0CVE-2012-3863
https://notcve.org/view.php?id=CVE-2012-3863
09 Jul 2012 — channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses. Asterisk Open Source v1.8.x anterior a v1.... • http://downloads.asterisk.org/pub/security/AST-2012-010.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 32EXPL: 0CVE-2012-3553
https://notcve.org/view.php?id=CVE-2012-3553
19 Jun 2012 — chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948. chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Asterisk Open Source v10.x antes v10.5.1 permite a usuarios remotos autenticados provocar una denegación de servicio (el... • http://downloads.asterisk.org/pub/security/AST-2012-009.html •
CVSS: 7.5EPSS: 2%CPEs: 105EXPL: 0CVE-2012-2947
https://notcve.org/view.php?id=CVE-2012-2947
02 Jun 2012 — chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold. chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Certified Asterisk 1.8.11-cert antes de v1.8.11-cert2 y Asterisk Open Source v1.8.x antes de v1.8.12.1 y v10.x antes de v10.4.1, cuando un... • http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 1%CPEs: 208EXPL: 0CVE-2011-4597
https://notcve.org/view.php?id=CVE-2011-4597
15 Dec 2011 — The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests. La implementación de SIP sobre UDP de Asterisk Open Source 1.4.x anteriores a 1.4.43, 1.6.x anteriores a 1.6.2.21, y 1.8.x anteriores a 1.8.7.2 utiliza diferentes números de puertos para respuestas a pe... • http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 4%CPEs: 80EXPL: 0CVE-2011-4598
https://notcve.org/view.php?id=CVE-2011-4598
15 Dec 2011 — The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests. La función handle_request_info en el archivo channels/chan_sip.c en Open Source de Asterisk versiones 1.6.2.x anteriores a 1.6.2.21 y versiones 1.8.x anteriores a 1.8.7.2, cuando automon está habilitado, permite a los at... • http://downloads.asterisk.org/pub/security/AST-2011-014.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 7%CPEs: 32EXPL: 0CVE-2011-2665
https://notcve.org/view.php?id=CVE-2011-2665
06 Jul 2011 — reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character. reqresp_parser.c en el controlador de canal SIP en Asterisk Open Source v1.8.x anteriores a v1.8.4.3 permite a atacantes remotos provocar una denegación de servicio (desreferencia a puntero NULL y caída del demonio) a través de un paquete SIP con una... • http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff •