Lucene search
+L

17 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-8253

Malware in sbrugna...

5CVSS6.2AI score0.0431EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2014-3979

Malware in sbrugna...

4.3CVSS6.2AI score0.02769EPSS
Exploits0References4
Prion
Prion
added 2017/12/27 5:8 p.m.15 views

Authentication flaw

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel...

5CVSS7.5AI score0.75351EPSS
Exploits0References4Affected Software2
Debian CVE
Debian CVE
added 2015/02/09 11:0 a.m.30 views

CVE-2015-1558

Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service file descriptor consumption via an SDP offer containing only incompatible codecs...

3.5CVSS6.2AI score0.0303EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/02/06 12:0 a.m.19 views

Asterisk chan_pjsip Incompatible Codecs DoS (AST-2015-001)

According to its SIP banner, the version of Asterisk running on the remote host has a flaw in which it fails to reclaim allocated RTP ports whenever a connection is made to an authenticated endpoint whose SPD offers only codecs that are not allowed by Asterisk. An attacker could exploit this...

5.6AI score
Exploits0References2
NVD
NVD
added 2014/11/24 3:59 p.m.22 views

CVE-2014-8416

Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the respjsiprefer module, allows remote attackers to cause a denial of service crash via an in-dialog INVITE with Replaces message, which triggers the channel to ...

5CVSS6.5AI score0.0431EPSS
Exploits0References1
NVD
NVD
added 2014/06/17 2:55 p.m.27 views

CVE-2014-4048

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service deadlock by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...

4.3CVSS6.5AI score0.02769EPSS
Exploits0References3
NVD
NVD
added 2014/06/17 2:55 p.m.27 views

CVE-2014-4045

The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when subminexpiry is set to zero, allows remote attackers to cause a denial of service assertion failure and crash via an unsubscribe request when not subscribed to the device...

4.3CVSS6.5AI score0.02769EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2014/06/17 2:55 p.m.42 views

CVE-2014-4048

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service deadlock by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...

4.3CVSS5.9AI score0.02769EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2014/06/17 2:55 p.m.43 views

CVE-2014-4045

The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when subminexpiry is set to zero, allows remote attackers to cause a denial of service assertion failure and crash via an unsubscribe request when not subscribed to the device...

4.3CVSS5.9AI score0.02769EPSS
Exploits0References2
Prion
Prion
added 2014/06/17 2:55 p.m.23 views

Cross site request forgery (csrf)

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service deadlock by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...

4.3CVSS7.1AI score0.02769EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/06/17 2:0 p.m.31 views

CVE-2014-4048

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service deadlock by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...

6.5AI score0.02769EPSS
Exploits0References3
CVE
CVE
added 2014/06/17 2:0 p.m.73 views

CVE-2014-4048

CVE-2014-4048 affects the Asterisk Open Source PJSIP Channel Driver up to version 12.3.0. An attacker (remote, potentially after bypassing authentication per AST-2014-008) can terminate a subscription before it completes, triggering a SIP transaction timeout and causing a deadlock in the thread s...

4.3CVSS6.6AI score0.02769EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2014/04/18 10:14 p.m.28 views

Null pointer dereference

res/respjsipextenstate.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service crash via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference...

3.5CVSS6.5AI score0.0218EPSS
Exploits0References5Affected Software1
securityvulns
securityvulns
added 2014/03/13 12:0 a.m.62 views

AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling

Asterisk Project Security Advisory - AST-2014-004 Product Asterisk Summary Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling Nature of Advisory Denial of Service Susceptibility Remote Authenticated Sessions Severity Moderate Exploits Known No Reported On January 14th, 2014...

3.5CVSS0.3AI score0.0218EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/03/12 12:0 a.m.39 views

FreeBSD : asterisk -- multiple vulnerabilities (03159886-a8a3-11e3-8f36-0025905a4771)

The Asterisk project reports : Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request. Denial of...

7.5CVSS7.5AI score0.1639EPSS
Exploits2References8
FreeBSD
FreeBSD
added 2014/03/10 12:0 a.m.48 views

asterisk -- multiple vulnerabilities

The Asterisk project reports: Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request. Denial of...

7.5CVSS7.8AI score0.1639EPSS
Exploits2References4
Rows per page
Query Builder