CVSS: 7.5EPSS: 70%CPEs: 232EXPL: 0CVE-2013-2686 – Gentoo Linux Security Advisory 201401-15
https://notcve.org/view.php?id=CVE-2013-2686
29 Mar 2013 — main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-59... • http://downloads.asterisk.org/pub/security/AST-2013-002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 29%CPEs: 235EXPL: 0CVE-2013-2264 – Gentoo Linux Security Advisory 201401-15
https://notcve.org/view.php?id=CVE-2013-2264
29 Mar 2013 — The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2)... • http://downloads.asterisk.org/pub/security/AST-2013-003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 1%CPEs: 117EXPL: 0CVE-2012-2186
https://notcve.org/view.php?id=CVE-2012-2186
31 Aug 2012 — Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action. Vulnerabilidad de lista negra incompleta en main/manager.c ... • http://downloads.asterisk.org/pub/security/AST-2012-012.html •
CVSS: 6.5EPSS: 96%CPEs: 72EXPL: 0CVE-2012-2948
https://notcve.org/view.php?id=CVE-2012-2948
02 Jun 2012 — chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode. chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Certified Asterisk 1.8.11-cert antes de v1.8.11-cert2 y Asterisk Open Source v1.8.x antes de v1.8.12.1 y v10.x antes d... • http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 91%CPEs: 153EXPL: 0CVE-2012-2415
https://notcve.org/view.php?id=CVE-2012-2415
30 Apr 2012 — Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events. Desbordamiento de búfer basado en memoria dinámica en chan_skinny.c en el driver Skinny en Asterisk Open Source v1.6.2.x anterior a v1.6.2.24, v1.8.x anterior a v1.8.11.1, y v10.x anterior a v1... • http://downloads.asterisk.org/pub/security/AST-2012-005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 91%CPEs: 153EXPL: 0CVE-2012-2414
https://notcve.org/view.php?id=CVE-2012-2414
30 Apr 2012 — main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action. ... • http://downloads.asterisk.org/pub/security/AST-2012-004.html • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 5%CPEs: 153EXPL: 0CVE-2012-2416
https://notcve.org/view.php?id=CVE-2012-2416
30 Apr 2012 — chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel. chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.8.x anterior a v1.8.11.1 y v10.x anterior a v10.3.1 y Asteri... • http://downloads.asterisk.org/pub/security/AST-2012-006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 59EXPL: 1CVE-2012-0885
https://notcve.org/view.php?id=CVE-2012-0885
25 Jan 2012 — chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple. chan_sip.c en Asterisk Open Source v1.8.x antes de v1.8.8.2 y v10.x antes de v10.0.1 , cuando se usa el módulo res_srtp y el soporte mult... • http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff •
CVSS: 6.8EPSS: 96%CPEs: 2EXPL: 0CVE-2011-4063
https://notcve.org/view.php?id=CVE-2011-4063
21 Oct 2011 — chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request. chan_sip.c en el driver de canal SIP de Asterisk Open Source v1.8.x antes de v1.8.7.1 y v10.x antes de v10.0.0-rc1 no inicializa correctamente las variables durante el análisis de la petición, lo que permite provocar una denegación... • http://downloads.digium.com/pub/security/AST-2011-012.html • CWE-20: Improper Input Validation •