CVSS: 7.5EPSS: 4%CPEs: 105EXPL: 0CVE-2012-2947 – Debian Security Advisory 2493-1
https://notcve.org/view.php?id=CVE-2012-2947
29 May 2012 — chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold. chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Certified Asterisk 1.8.11-cert antes de v1.8.11-cert2 y Asterisk Open Source v1.8.x antes de v1.8.12.1 y v10.x antes de v10.4.1, cuando un... • http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2012-1183 – Gentoo Linux Security Advisory 201203-21
https://notcve.org/view.php?id=CVE-2012-1183
29 Mar 2012 — Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet. Vulnerabilidad de desboramiento de buffer basado en memoria dinámica en la función milliwatt_generate en main/utils.c en Asterisk ... • http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 41%CPEs: 81EXPL: 1CVE-2012-1184 – Asterisk - 'ast_parse_digest()' Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2012-1184
29 Mar 2012 — Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header. Vulnerabilidad de desboramiento de buffer basado en memoria dinámica en la función ast_parse_digest en main/utils.c en Asterisk v1.8.x antes de v1.8.10.1 y v10.x antes de v10.2.1, permite a atacantes remotos provocar una de... • https://www.exploit-db.com/exploits/18855 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 208EXPL: 1CVE-2011-4597 – Debian Security Advisory 2367-1
https://notcve.org/view.php?id=CVE-2011-4597
15 Dec 2011 — The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests. La implementación de SIP sobre UDP de Asterisk Open Source 1.4.x anteriores a 1.4.43, 1.6.x anteriores a 1.6.2.21, y 1.8.x anteriores a 1.8.7.2 utiliza diferentes números de puertos para respuestas a pe... • https://packetstorm.news/files/id/108122 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 80EXPL: 0CVE-2011-4598 – Debian Security Advisory 2367-1
https://notcve.org/view.php?id=CVE-2011-4598
15 Dec 2011 — The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests. La función handle_request_info en el archivo channels/chan_sip.c en Open Source de Asterisk versiones 1.6.2.x anteriores a 1.6.2.21 y versiones 1.8.x anteriores a 1.8.7.2, cuando automon está habilitado, permite a los at... • http://downloads.asterisk.org/pub/security/AST-2011-014.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 195EXPL: 0CVE-2011-2535 – Debian Security Advisory 2276-2
https://notcve.org/view.php?id=CVE-2011-2535
06 Jul 2011 — chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. chan_iax2.c en el controlador de canal IAX2 en Asterisk Open Source v1.4.x anteriores a v1.4.41.1, v1.6.2.x anteriores a v... • http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 158EXPL: 0CVE-2011-2666 – Gentoo Linux Security Advisory 201110-21
https://notcve.org/view.php?id=CVE-2011-2666
06 Jul 2011 — The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536. La configuración por defecto del controlador del canal SIP en Asterisk Open Source 1.4.x hasta 1.1.41.2 y 1.6.2.x hasta... • http://downloads.asterisk.org/pub/security/AST-2011-011.html • CWE-16: Configuration •
CVSS: 7.5EPSS: 2%CPEs: 32EXPL: 0CVE-2011-2665 – Gentoo Linux Security Advisory 201110-21
https://notcve.org/view.php?id=CVE-2011-2665
06 Jul 2011 — reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character. reqresp_parser.c en el controlador de canal SIP en Asterisk Open Source v1.8.x anteriores a v1.8.4.3 permite a atacantes remotos provocar una denegación de servicio (desreferencia a puntero NULL y caída del demonio) a través de un paquete SIP con una... • http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff •
CVSS: 9.8EPSS: 3%CPEs: 162EXPL: 0CVE-2011-2529 – Debian Security Advisory 2276-2
https://notcve.org/view.php?id=CVE-2011-2529
06 Jul 2011 — chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet. chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.6.x anterior a v1.6.2.18.1 y v1.8.x anteriores a v1.8.4.3 no manejan adecuadamente los caracteres '\0' en los paquetes SIP, lo que pe... • http://downloads.asterisk.org/pub/security/AST-2011-008.diff • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 198EXPL: 0CVE-2011-2536 – Gentoo Linux Security Advisory 201110-21
https://notcve.org/view.php?id=CVE-2011-2536
29 Jun 2011 — chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.4.x anteriores a v1.4.41.2,... • http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •