13 matches found
EUVD-2011-3972
Malware in sbrugna...
Design/Logic Flaw
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse...
CVE-2021-41157 FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse...
FreeSWITCH 1.10.5 SIP SUBSCRIBE Missing Authentication Exploit
FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-08-freeswitch-SIP-SUBSCRIBE-without-auth - Vendor Security Advisory:...
FreeSWITCH 1.10.5 SIP SUBSCRIBE Missing Authentication
FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-08-freeswitch-SIP-SUBSCRIBE-without-auth - Vendor Security Advisory:...
Digium Asterisk Out-of-Bounds Write (CVE-2018-7284)
An out-of-bounds write vulnerability exists in Asterisk. The vulnerability is due to improper processing of SIP SUBSCRIBE requests. Successful exploitation would result in a denial of service condition...
Digium Asterisk res_pjsip_pubsub Module SIP SUBSCRIBE Type Confusion Denial of Service (CVE-2014-6609)
A denial of service vulnerability exists in Asterisk Open Source. The vulnerability is due to the way SIP SUBSCRIBE requests with unexpected mixes of headers for a given event package are handled. Remote, unauthenticated attackers could exploit this vulnerability by sending malformed SIP SUBSCRIB...
CVE-2014-6609
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package...
CVE-2011-4019
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883...
Memory corruption
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883...
CVE-2011-4019
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883...
CVE-2011-4019
CVE-2011-4019 affects Cisco IOS 12.4 and 15.0–15.2, and Cisco Unified Communications Manager (CUCM) 7.x. The issue is a memory leak that allows remote attackers to cause denial of service by sending a crafted SIP SUBSCRIBE response. Root cause is a vulnerability in handling SIP SUBSCRIBE messages...
CVE-2010-2840
The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.07 and 7.x before 7.08 does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID...