Lucene search
K

32 matches found

OSV
OSV
added 2011/12/15 3:57 a.m.5 views

DEBIAN-CVE-2011-4597

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series ...

5CVSS6.5AI score0.03277EPSS
Exploits1References1
OSV
OSV
added 2011/06/06 7:55 p.m.5 views

CVE-2011-2216

reqrespparser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a malformed Contact header...

6.7AI score
Exploits0References9
OSV
OSV
added 2011/04/27 12:55 a.m.8 views

CVE-2011-1599

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated use...

7.1AI score0.0313EPSS
Exploits0References12
OSV
OSV
added 2009/12/02 11:30 a.m.9 views

CVE-2009-4055

rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of...

6.4AI score0.02829EPSS
Exploits1References18
OSV
OSV
added 2009/01/14 11:30 p.m.7 views

CVE-2009-0041

IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on...

6.3AI score0.02715EPSS
Exploits1References11
OSV
OSV
added 2007/07/18 5:30 p.m.10 views

CVE-2007-3765

The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service crash via a crafted STUN length attribute in a STUN packet sent on an RTP port...

6.4AI score
Exploits0References7
OSV
OSV
added 2006/08/24 8:4 p.m.10 views

CVE-2006-4345

Stack-based buffer overflow in channels/chanmgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint AUEP response...

7.8AI score
Exploits0References13
OSV
OSV
added 2006/04/18 8:2 p.m.10 views

CVE-2006-1827

Integer signedness error in formatjpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length...

7.8AI score0.0687EPSS
Exploits1References10
FreeBSD
FreeBSD
added 2004/01/13 12:0 a.m.52 views

Vulnerabilities in H.323 implementations

The NISCC and the OUSPG developed a test suite for the H.323 protocol. This test suite has uncovered vulnerabilities in several H.323 implementations with impacts ranging from denial-of-service to arbitrary code execution. In the FreeBSD Ports Collection, pwlib' is directly affected. Other...

10CVSS7AI score0.10309EPSS
Exploits0References3
OSV
OSV
added 2003/09/22 4:0 a.m.7 views

CVE-2003-0779

SQL injection vulnerability in the Call Detail Record CDR logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string...

8.5AI score0.0144EPSS
Exploits1References2
securityvulns
securityvulns
added 2003/09/16 12:0 a.m.26 views

asterisk multiple bugs

Buffer overflow during SIP negotiation, SQL injection...

4AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2003/09/08 12:0 a.m.25 views

[NEWS] Asterisk SIP Implementation Issue

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Exploits0
Rows per page
Query Builder