Lucene search
+L

1249 matches found

nessus
nessus
added 2012/01/16 12:0 a.m.36 views

FreeBSD : Multiple implementations -- DoS via hash algorithm collision (91be81e7-3fea-11e1-afc7-2c4138874f7d)

oCERT reports : A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particul...

7.8CVSS7.1AI score0.0436EPSS
Exploits3References7
securityvulns
securityvulns
added 2010/02/05 12:0 a.m.33 views

chrony multiple security vulnerabilities

Traffic amplification, resources exhaustion...

5CVSS2.1AI score0.0272EPSS
Exploits0References1Affected Software1
metasploit
metasploit
added 2010/01/27 11:25 p.m.100 views

NTP Monitor List Scanner

This module identifies NTP servers which permit "monlist" queries and obtains the recent clients list. The monlist feature allows remote attackers to cause a denial of service traffic amplification via spoofed requests. The more clients there are in the list, the greater the amplification. This...

5CVSS7.5AI score0.97755EPSS
Exploits23
nessus
nessus
added 2009/01/22 12:0 a.m.2523 views

DNS Server Spoofed Request Amplification DDoS

The remote DNS server answers to any request. It is possible to query the name servers NS of the root zone '.' and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack...

5CVSS8.2AI score0.5726EPSS
Exploits2References2
nessus
nessus
added 2008/07/31 12:0 a.m.24 views

Fedora 9 : asterisk-1.6.0-0.19.beta9.fc9 (2008-6853)

Security fixes for CVE-2008-3263 / AST-2008-010 and CVE-2008-3264 / AST-2008-011: AST-2008-010: Asterisk IAX 'POKE' resource exhaustion - http://downloads.digium.com/pub/security/AST-2008-010.html AST-2008-011: Traffic amplification in IAX2 firmware provisioning system -...

7.8CVSS5.3AI score0.28EPSS
Exploits2References4
prion
prion
added 2008/07/24 3:41 p.m.23 views

Server side request forgery (ssrf)

The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers t...

7.8CVSS6.7AI score0.0338EPSS
Exploits1References11Affected Software4
nvd
nvd
added 2008/07/24 3:41 p.m.15 views

CVE-2008-3264

The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers t...

7.8CVSS6.4AI score0.0338EPSS
Exploits1References11
ubuntucve
ubuntucve
added 2008/07/24 3:41 p.m.25 views

CVE-2008-3264

The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers t...

7.8CVSS5.9AI score0.0338EPSS
Exploits1References1
osv
osv
added 2008/07/24 3:41 p.m.5 views

CVE-2008-3264

The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers t...

6.4AI score
Exploits0References11
cvelist
cvelist
added 2008/07/24 3:18 p.m.25 views

CVE-2008-3264

The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers t...

6.3AI score0.0338EPSS
Exploits1References11
securityvulns
securityvulns
added 2008/07/24 12:0 a.m.34 views

Asterisk multiple security vulnerabilities

Traffic amplification, DoS with resouurces exhaustion...

7.8CVSS2.4AI score0.28EPSS
Exploits2References1Affected Software1
nessus
nessus
added 2008/07/24 12:0 a.m.32 views

Fedora 8 : asterisk-1.4.21.2-1.fc8 (2008-6676)

Update to 1.4.21.2 to fix CVE-2008-3263 / AST-2008-010 and CVE-2008-3264 / AST-2008-011. AST-2008-010: Asterisk IAX 'POKE' resource exhaustion - http://downloads.digium.com/pub/security/AST-2008-010.html AST-2008-011: Traffic amplification in IAX2 firmware provisioning system -...

7.8CVSS5.3AI score0.28EPSS
Exploits2References5
nessus
nessus
added 2008/07/24 12:0 a.m.37 views

Asterisk IAX2 FWDOWNL Request Spoofing Remote DoS

The firmware download protocol implemented in the version of Asterisk running on the remote host does not initiate a handshake. By spoofing an IAX2 FWDOWNL request, an unauthenticated, remote attacker may be able to leverage this issue to flood a third-party host with unwanted firmware packets fr...

7.8CVSS5.5AI score0.0338EPSS
Exploits1References3
prion
prion
added 2008/05/06 3:20 p.m.17 views

Code injection

Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service CPU consumption and network traffic amplification via a crafted SCTP packet...

7.8CVSS7AI score0.01978EPSS
Exploits0References7Affected Software1
cvelist
cvelist
added 2008/05/06 3:0 p.m.25 views

CVE-2008-2090

Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service CPU consumption and network traffic amplification via a crafted SCTP packet...

6.5AI score0.01978EPSS
Exploits0References7
cve
cve
added 2008/05/06 3:0 p.m.57 views

CVE-2008-2090

Affected software: Sun Solaris 10 (SCTP protocol implementation).Vulnerability: Unspecified SCTP handling could allow remote attackers to cause denial of service via crafted SCTP packets, leading to CPU consumption and network traffic amplification.Impact: CVSS base score 7.8 (HIGH) with network ...

7.8CVSS6.5AI score0.01978EPSS
Exploits0References7Affected Software1
nessus
nessus
added 2008/05/06 12:0 a.m.43 views

Asterisk IAX2 Multiple Method Handshake Spoofing DoS

The version of Asterisk running on the remote host does not properly validate an IAX2 handshake. By spoofing NEW and ACK messages, an unauthenticated, remote attacker may be able to leverage this issue to flood a third-party host with packets from the affected host containing audio data. C Tenabl...

7.1CVSS5.5AI score0.02743EPSS
Exploits1References5
seebug
seebug
added 2008/04/25 12:0 a.m.38 views

Asterisk IAX2报文放大远程拒绝服务漏洞

BUGTRAQ ID: 28901 CVECAN ID: CVE-2008-1897 Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。 Asterisk在处理呼叫的机制上存在漏洞,远程攻击者可能利用此漏洞对第三方机器执行拒绝服务攻击。 IAX2协议允许ICNEW报文启动呼叫。ICNEW报文是18字节长的UDP报文,而呼叫可能非常长,包含有很多数据。由于UDP是可以伪造的,因此远程攻击者可以在IAX2握手期间欺骗IAX2握手,导致Asterisk服务器向目标发送大量数据,造成网络堵塞。 Asterisk Asterisk 1.4.x Asterisk Asterisk...

4.3CVSS1AI score0.02743EPSS
Exploits1
osv
osv
added 2008/04/23 4:5 p.m.5 views

DEBIAN-CVE-2008-1897

The IAX2 channel driver chaniax2 in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow...

4.3CVSS6.9AI score0.02743EPSS
Exploits1References1
prion
prion
added 2008/04/23 4:5 p.m.26 views

Code injection

The IAX2 channel driver chaniax2 in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service traffic...

7.1CVSS6.8AI score0.014EPSS
Exploits0References4Affected Software4
Rows per page
Query Builder