Lucene search
K
AsteriskAsterisk Appliance Developer Kit

13 matches found

CVE
CVE
added 2007/07/18 5:0 p.m.87 views

CVE-2007-3763

CVE-2007-3763 is an issue in the Asterisk IAX2 channel driver (chan_iax2). The vulnerability is a NULL pointer dereference caused by processing crafted LAGRQ/LAGRP frames containing IAX information elements, which can crash the system and cause a denial of service. Affected products/versions (as ...

5CVSS7.2AI score0.2656EPSS
CVE
CVE
added 2007/07/18 5:0 p.m.86 views

CVE-2007-3762

CVE-2007-3762 is a buffer overflow in Asterisk’s IAX2 channel driver (chan_iax2) that could allow remote code execution by sending a long RTP frame. Affected: Asterisk

9.3CVSS7.9AI score0.05506EPSS
CVE
CVE
added 2008/04/23 12:0 a.m.86 views

CVE-2008-1897

The CVE-2008-1897 issue affects the IAX2 channel driver in Asterisk Open Source (various 1.0.x, 1.2.x before 1.2.28, 1.4.x before 1.4.19.1; AsteriskNOW; Business Editions; and s800i prior to listed versions). The vulnerability arises when unauthenticated calls are allowed and the ACK response doe...

4.3CVSS6.5AI score0.02743EPSS
CVE
CVE
added 2008/03/20 12:0 a.m.83 views

CVE-2008-1332

CVE-2008-1332 affects Asterisk and several build variants (1.2.x up to 1.2.27; 1.4.x up to 1.4.18.1 and 1.4.19-rc3; AsteriskNOW, Business/Community editions, Appliance Kit, s800i) and allows remote attackers to access the SIP channel driver via a crafted From header, bypassing authentication. Con...

8.8CVSS6.2AI score0.02327EPSS
CVE
CVE
added 2007/07/18 5:0 p.m.79 views

CVE-2007-3764

CVE-2007-3764 affects the Skinny channel driver (chan_skinny) in Asterisk and related builds (Asterisk 1.2.x/1.4.x, Business Edition, AsteriskNOW, Appliance Developer Kit, s800i). The flaw is triggered by a crafted packet with an incorrect data length value, causing an

5CVSS7.1AI score0.3152EPSS
CVE
CVE
added 2007/08/09 9:0 p.m.73 views

CVE-2007-4280

The CVE-2007-4280 issue affects the Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3. The vulnerability arises when processing a CAPABILITIES_RES_MESSAGE packet containing a ...

3.5CVSS6.1AI score0.01149EPSS
CVE
CVE
added 2008/03/24 5:0 p.m.72 views

CVE-2008-1390

CVE-2008-1390 affects the AsteriskGUI HTTP server as used in Asterisk Open Source 1.4.x (before 1.4.19-rc3) and 1.6.x (before 1.6.0-beta6), plus various bundles. The vulnerability arises from generating insufficiently random manager ID values, which can allow remote attackers to hijack a manager ...

9.3CVSS6.3AI score0.03837EPSS
CVE
CVE
added 2007/08/22 1:0 a.m.70 views

CVE-2007-4455

The CVE-2007-4455 issue affects the SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x up to 1.4.11, AsteriskNOW up to beta7, Asterisk Appliance Developer Kit 0.x up to 0.8.0, and s800i (Asterisk Appliance) up to 1.0.3. The vulnerability allows remote attackers to cause a denial of servi...

5CVSS6.5AI score0.01775EPSS
CVE
CVE
added 2008/07/24 3:18 p.m.70 views

CVE-2008-3264

CVE-2008-3264 describes a DoS via the IAX2 FWDOWNL (firmware download) path in Asterisk and related packages. Affected: Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer...

7.8CVSS6.3AI score0.0338EPSS
CVE
CVE
added 2008/01/08 2:0 a.m.69 views

CVE-2008-0095

Asterisk Open Source 1.4.x (and related editions) is affected by a remote DoS via a crafted BYE message containing an Also header, triggering a NULL pointer dereference and daemon crash. The vulnerable range includes 1.4.x before 1.4.17, with affected builds in Business Edition before C.1.0-beta8...

5CVSS6.3AI score0.25423EPSS
Web
CVE
CVE
added 2008/03/24 5:0 p.m.66 views

CVE-2008-1289

CVE-2008-1289 describes memory corruption in Asterisk via RTP payload handling and SDP processing. Specifically, multiple buffer overflows allow remote attackers to write arbitrary memory: (1) by sending a large RTP payload number to affect ast_rtp_unset_m_type in main/rtp.c, and (2) by a large v...

7.5CVSS6.6AI score0.11523EPSS
CVE
CVE
added 2008/04/23 4:0 p.m.66 views

CVE-2008-1923

The CVE-2008-1923 issue affects the IAX2 channel driver (chan_iax2) in Asterisk 1.2.x (before r72630) and 1.4.x (before r65679). When configured to allow unauthenticated calls, it sends early audio to an unverified source IP address of a NEW message, enabling remote attackers to trigger a denial ...

7.1CVSS6.4AI score0.014EPSS
CVE
CVE
added 2007/07/18 5:0 p.m.58 views

CVE-2007-3765

The CVE-2007-3765 entry corresponds to a remote crash vulnerability in Asterisk’s STUN implementation. Affected are Asterisk Open Source 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2. The flaw arises when parsing inbound STUN attributes...

5CVSS6.4AI score0.0169EPSS