Asterisk@1.4.16.1 Security Vulnerabilities and Issues — Asterisk@1.4.16.1 CVE List

Lucene search

DigiumAsterisk1.4.16.1

9 matches found

CVE•added 2009/11/10 6:30 p.m.•69 views

CVE-2009-3727

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages ...

5CVSS6.2AI score0.0072EPSS

CVE•added 2009/12/02 11:30 a.m.•69 views

CVE-2009-4055

rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of ser...

5CVSS6.2AI score0.00449EPSS

CVE•added 2011/03/15 5:55 p.m.•66 views

CVE-2011-1147

Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; Asteri...

6.8CVSS7.7AI score0.02835EPSS

CVE•added 2011/07/06 7:55 p.m.•63 views

CVE-2011-2535

chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denia...

5CVSS7.2AI score0.0018EPSS

CVE•added 2011/07/06 7:55 p.m.•63 views

CVE-2011-2536

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on...

5CVSS6.3AI score0.00187EPSS

CVE•added 2011/04/27 12:55 a.m.•61 views

CVE-2011-1507

Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial o...

5CVSS6.5AI score0.00147EPSS

CVE•added 2011/12/15 3:57 a.m.•61 views

CVE-2011-4597

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of...

5CVSS6.4AI score0.00685EPSS

CVE•added 2011/04/27 12:55 a.m.•57 views

CVE-2011-1599

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users...

9CVSS7.1AI score0.00338EPSS

CVE•added 2011/07/06 7:55 p.m.•54 views

CVE-2011-2666

The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differ...

5CVSS6.4AI score0.0059EPSS