518 matches found
DEBIAN-CVE-2014-8415
Race condition in the chanpjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service assertion failure and crash via a cancel request for a SIP session with a queued action to 1 answer a session or 2 send ringing...
Cisco IOS XE Software SIP DoS (cisco-sa-20140924-sip)
According to its self-reported version, the version of Cisco IOS XE running on the remote host is affected by a vulnerability in the Session Initiation Protocol SIP implementation due to improper handling of SIP messages. A remote attacker can exploit this issue by sending specially crafted SIP...
Cisco IOS Software Network Address Translation (NAT) ALG Module DoS (cisco-sa-20140924-nat)
According to its self-reported version, the version of Cisco IOS running on the remote host is affected by a denial of service vulnerability in the Network Address Translation NAT application-layer gateway ALG module. This issue exists due to improper handling of multipart Session Description...
Cisco Unified Communications Manager SIP Subsystem Vulnerability
A vulnerability in the Session Initiation Protocol SIP subsystem of Cisco Unified Communications Manager Cisco Unified CM could allow an authenticated, remote attacker to trigger a denial of service condition. The vulnerability is due to a failure by the SIP subsystem to properly sanitize...
KPhone 2.x/3.x/4.0.1 Malformed STUN Packet Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10159/info A denial of service vulnerability has been reported in KPhone. This issue may be triggered by a malformed SIP Session Initiation Protocol STUN message. This is due to insufficient validation of user-specified...
AGEphone 1.28/1.38 SIP Packet Handling Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19148/info AGEphone is prone to a remote buffer-overflow vulnerability. Specifically, this issue presents itself when the application handles a malicious SIP Session Initiation Protocol packet. AGEphone versions 1.24 and...
PT-2014-4512 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Description: A memory leak in the SIP inspection engine allows remote attackers to cause a denial of service via crafted SIP packets. This issue affects the Sessio...
Cisco Patches DoS, VPN Issues, Looking Into Heartbleed Impact
Cisco patched four different vulnerabilities this week in one of its core operating systems and is now is beginning to look into the potential impact of this week’s Heartbleed vulnerability in at least 60 of its other products. The patches, released yesterday, fix problems in the company’s Adapti...
PT-2014-1323 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions 8.2 before 8.25.48 Cisco Adaptive Security Appliance ASA Software versions 8.4 before 8.46.5 Cisco Adaptive Security Appliance ASA Software versions 9.0 before 9.03.1 Cisco Adaptive...
wireshark: SIP dissector could go into an infinite loop (wnpa-sec-2013-66)
The dissectsipcommon function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service infinite loop via a crafted packet...
Cisco 9900 Series IP Phone Crafted Header Unregister Vulnerability
A vulnerability in Session Initiation Protocol SIP header processing of Cisco fourth-generation IP phones could allow an unauthenticated, remote attacker to cause the IP phone to unregister. The vulnerability is due to improper SIP header processing. An attacker could exploit this vulnerability b...
DEBIAN-CVE-2013-7112
The dissectsipcommon function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service infinite loop via a crafted packet...
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability (cisco-sa-20131106-sip)
A vulnerability exists in the Session Initiation Protocol SIP implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or cause memory leaks that may result in system instabilities. To exploit this vulnerability, affected...
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
A vulnerability exists in the Session Initiation Protocol SIP implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or cause memory leaks that may result in system instabilities. To exploit this vulnerability, affected...
CVE-2013-5555
Cisco Unified Communications Manager aka CUCM or Unified CM allows remote attackers to cause a denial of service service restart via a crafted SIP message, aka Bug ID CSCub54349...
DEBIAN-CVE-2013-5642
The SIP channel driver channels/chansip.c in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote...
DEBIAN-CVE-2013-5641
The SIP channel driver channels/chansip.c in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service NULL pointer dereference,...
CVE-2013-5642
The SIP channel driver channels/chansip.c in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote...
UBUNTU-CVE-2013-5642
The SIP channel driver channels/chansip.c in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote...
DEBIAN-CVE-2013-2264
The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition BE C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits...