120 matches found
Asterisk Open Source and Certified Asterisk RTP Resource Exhaustion DoS Vulnerability
Asterisk Open Source and Certified Asterisk are prone to a remote denial of service (DoS) vulnerability. This VT has been deprecated since this check is already covered in... (SPDX-FileCopyrightText: 2017 Greenbone AG)
Asterisk Open Source and Certified Asterisk 'chan_sip' authentication bypass vulnerability
Digium Asterisk Open Source is an open source telephone exchange (PBX) system software from Digium. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and so on. A security vulnerability exists in Digium Asterisk Open Source. An attacker could exploit th...
Digium Asterisk Denial of Service Vulnerability
Digium Asterisk is a set of open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and so on. A security vulnerability exists in Digium Asterisk. An attacker could exploit the vulnerabili...
Digium Asterisk PJSIP Stack ACK Denial of Service
A denial of service vulnerability exists in Digium Asterisk when the PJSIP stack is used. The vulnerability is due to improper processing of ACKs from an unrecognized endpoint, which causes a NULL pointer dereference. A remote unauthenticated attacker can exploit this vulnerability by sending an A...
Asterisk TLS Certificate Common Name NULL Byte Vulnerability (AST-2015-003)
Asterisk is prone to a certificate bypass vulnerability. (SPDX-FileCopyrightText: 2016 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only)
Digium Asterisk PJSIP Channel Driver REGISTER Denial of Service
A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to errors when processing incoming REGISTER requests with a lengthy Contact header URI. A remote authenticated attacker can exploit this vulnerability to cause a denial of service condition...
Digium Asterisk res_pjsip_pubsub Module SIP SUBSCRIBE Type Confusion Denial of Service (CVE-2014-6609)
A denial of service vulnerability exists in Asterisk Open Source. The vulnerability is due to the way SIP SUBSCRIBE requests with unexpected mixes of headers for a given event package are handled. Remote, unauthenticated attackers could exploit this vulnerability by sending malformed SIP SUBSCRIB...
Digium Asterisk Manager User Shell Command Execution - Ver2 (CVE-2012-2414)
A security bypass vulnerability has been reported in Digium Asterisk. The vulnerability is due to an error in the way the server validates permissions while executing shell commands from unauthorized users. A remote attacker can exploit this issue by sending specially crafted AMI requests to the...
Digium Asterisk HTTP Connections Denial of Service (CVE-2014-4047)
A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to the way HTTP sessions are being handled. A remote, unauthenticated attacker can exploit this vulnerability by establishing an excessive number of TCP connections to the configured HTTP or HTTPS port...
Digium Asterisk File Descriptor Invalid Headers Syntax Denial of Service (CVE-2014-2287)
A denial of service condition has been reported in Digium Asterisk. The vulnerability is due to file descriptor exhaustion from a large number of invalid SIP INVITE requests. A remote attacker can exploit this vulnerability to cause a denial of service condition...
Digium Asterisk Cookie Stack Overflow (CVE-2014-2286)
A stack-overflow vulnerability has been reported in Digium Asterisk. The vulnerability is due to insufficient validation of Cookie: headers in HTTP requests sent to the HTTP management interface. A remote attacker can exploit this vulnerability to cause a denial-of-service condition...
Digium Asterisk File Descriptor Denial of Service (CVE-2014-2287)
A denial of service vulnerability has been reported in Digium Asterisk. The vulnerability is due to file descriptor exhaustion from a large number of crafted SIP INVITE requests. A remote attacker can exploit this vulnerability to cause a denial of service condition...
Digium Asterisk SIP Invalid SDP Media Descriptions Denial of Service (CVE-2013-5642)
A denial of service vulnerability exists in Asterisk Open Source, Certified Asterisk and Asterisk with Digiumphones...
Digium Asterisk SIP Terminated Channel ACK with SDP Denial of Service (CVE-2013-5641)
A denial of service vulnerability exists in Asterisk Open Source and Certified Asterisk...
UBUNTU-CVE-2013-5642
The SIP channel driver channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote...
Digium Asterisk SIP Channel Driver Denial Of Service - High Confidence (CVE-2011-4063)
A denial of service vulnerability has been reported in Digium Asterisk. The vulnerability is due to an error in Asterisk's SIP channel driver while handling malformed REGISTER requests. A remote attacker may exploit this vulnerability by sending a specially crafted REGISTER request to an affected...
Digium Asterisk HTTP Management Interface Stack Overflow (CVE-2012-5976; CVE-2013-2686)
A stack overflow vulnerability has been reported in Digium Asterisk. The vulnerability is due to an unchecked memory allocation on the stack, which can result in a stack overflow or writing of attacker-controlled data to arbitrary memory locations. A remote attacker can use this vulnerability by...
Digium Asterisk IAX2 POKE Request Denial of Service (CVE-2008-3263)
A denial of service vulnerability has been reported in Digium Asterisk...
Digium Asterisk Manager User Shell Command Execution (CVE-2012-2414)
A security bypass vulnerability has been reported in Digium Asterisk...
Digium Asterisk Skinny Channel Driver Heap Buffer Overflow (CVE-2012-2415)
A heap buffer overflow vulnerability has been reported in Digium Asterisk...