CVSS: 7.8EPSS: 11%CPEs: 122EXPL: 0CVE-2008-3264
https://notcve.org/view.php?id=CVE-2008-3264
24 Jul 2008 — The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request. La implementación FWDOWNL firmware-download en Asterisk Open Source 1.0.x, 1.2.x antes de 1.2.30 y 1.4.x antes de 1.4.21.2; Business E... • http://downloads.digium.com/pub/security/AST-2008-011.html • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 1%CPEs: 40EXPL: 0CVE-2008-1390
https://notcve.org/view.php?id=CVE-2008-1390
24 Mar 2008 — The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses. El servidor AsteriskGUI HTTP en Asterisk Open Source 1.4.x antes de 1.4.19-rc3 y 1.6.x antes de 1.6.0-beta6, Busin... • http://downloads.digium.com/pub/security/AST-2008-005.html • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 31%CPEs: 5EXPL: 2CVE-2008-0095 – Asterisk 1.x - BYE Message Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-0095
08 Jan 2008 — The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference. El controlador de canal SIP de Asterisk Open Source 1.4.x versiones anteriores a 1.4.17, Business Edition versione... • https://www.exploit-db.com/exploits/30974 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 5%CPEs: 3EXPL: 0CVE-2007-4455
https://notcve.org/view.php?id=CVE-2007-4455
22 Aug 2007 — The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created. El controlador de canal SIP (chan_sip) en Asterisk Open Source 1.4.x anterior a 1.4.11, AsteriskNOW anterior a beta7, Asterisk Appliance Developer Kit 0.x an... • http://downloads.digium.com/pub/asa/AST-2007-020.html •
CVSS: 6.5EPSS: 2%CPEs: 4EXPL: 0CVE-2007-4280
https://notcve.org/view.php?id=CVE-2007-4280
09 Aug 2007 — The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population. El dispositivo de canal Skinny (chan_skinny) en el Asterisk Open Source anterior al 1.4.10, el AsteriskNOW anterior al beta7, el A... • http://downloads.digium.com/pub/asa/ASA-2007-019.pdf •
CVSS: 9.8EPSS: 9%CPEs: 36EXPL: 0CVE-2007-3762
https://notcve.org/view.php?id=CVE-2007-3762
18 Jul 2007 — Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame. Desbordamiento de búfer basado en pila en el controlador de canal IAX2 (chan_iax2) de Asterisk anterior a 1.2.22 y 1.4.x anterior a 1.4.8, Business Edition anterior a B.2.2.... • http://bugs.gentoo.org/show_bug.cgi?id=185713 •
CVSS: 7.5EPSS: 29%CPEs: 36EXPL: 1CVE-2007-3763 – Asterisk < 1.2.22/1.4.8 - IAX2 Channel Driver Remote Crash
https://notcve.org/view.php?id=CVE-2007-3763
18 Jul 2007 — The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable. El gestor de dispositivo de canal IAX2 (chan_iax... • https://www.exploit-db.com/exploits/4249 •
CVSS: 7.5EPSS: 45%CPEs: 36EXPL: 1CVE-2007-3764 – Asterisk < 1.2.22/1.4.8/2.2.1 - 'chan_skinny' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-3764
18 Jul 2007 — The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy." El controlador de canal Skinny (chan_skinny) en Asterisk anterior a 1.2.22 y 1.4.x anterior a 1.4.8, Business Edition anterior a B.2.2.1, Asteris... • https://www.exploit-db.com/exploits/4196 •
CVSS: 7.5EPSS: 0%CPEs: 36EXPL: 0CVE-2007-3765
https://notcve.org/view.php?id=CVE-2007-3765
18 Jul 2007 — The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port. La implementación STUN en Asterisk 1.4.x anterior a 1.4.8, AsteriskNOW anterior a beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos provocar denegación de servicio (caida) a través d... • http://ftp.digium.com/pub/asa/ASA-2007-017.pdf •