Asterisk@1.2.10 Security Vulnerabilities and Issues — Asterisk@1.2.10 CVE List

Lucene search

DigiumAsterisk1.2.10

8 matches found

CVE•added 2006/10/23 5:7 p.m.•85 views

CVE-2006-5444

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads...

7.5CVSS7.7AI score0.8691EPSS

CVE•added 2009/11/10 6:30 p.m.•69 views

CVE-2009-3727

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages ...

5CVSS6.2AI score0.0072EPSS

CVE•added 2009/12/02 11:30 a.m.•69 views

CVE-2009-4055

rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of ser...

5CVSS6.2AI score0.00449EPSS

CVE•added 2007/03/07 12:19 a.m.•64 views

CVE-2007-1306

Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.

7.8CVSS6.2AI score0.18701EPSS

CVE•added 2006/10/23 5:7 p.m.•60 views

CVE-2006-5445

Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses ...

7.8CVSS6.4AI score0.07928EPSS

CVE•added 2010/02/23 8:30 p.m.•59 views

CVE-2010-0685

The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters...

5CVSS6.6AI score0.00093EPSS

CVE•added 2006/08/24 8:4 p.m.•55 views

CVE-2006-4345

Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response.

7.5CVSS7.8AI score0.05153EPSS

CVE•added 2006/08/24 8:4 p.m.•43 views

CVE-2006-4346

Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERI...

7.5CVSS6.9AI score0.02329EPSS