Asterisk@11.5.0 Security Vulnerabilities and Issues — Asterisk@11.5.0 CVE List

Lucene search

DigiumAsterisk11.5.0

10 matches found

CVE•added 2013/09/09 5:55 p.m.•151 views

CVE-2013-5642

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote at...

5CVSS6.3AI score0.05078EPSS

CVE•added 2013/09/09 5:55 p.m.•144 views

CVE-2013-5641

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereferenc...

5CVSS6.4AI score0.04098EPSS

CVE•added 2015/04/10 3:0 p.m.•93 views

CVE-2015-3008

Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name ...

4.3CVSS7.1AI score0.39025EPSS

CVE•added 2014/06/17 2:55 p.m.•84 views

CVE-2014-4047

Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTT...

5CVSS6.5AI score0.11713EPSS

CVE•added 2017/04/17 4:59 p.m.•81 views

CVE-2016-7551

chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).

7.5CVSS7.2AI score0.0663EPSS

CVE•added 2014/11/26 3:59 p.m.•74 views

CVE-2014-6610

Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax di...

4CVSS3.7AI score0.01176EPSS

CVE•added 2016/12/12 9:59 p.m.•73 views

CVE-2016-9938

An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content betwee...

5.3CVSS5.3AI score0.01419EPSS

CVE•added 2013/12/19 10:55 p.m.•69 views

CVE-2013-7100

Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-c...

5CVSS6.6AI score0.02766EPSS

CVE•added 2014/06/17 2:55 p.m.•63 views

CVE-2014-4046

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.

6.5CVSS7.1AI score0.03222EPSS

CVE•added 2014/12/12 3:59 p.m.•60 views

CVE-2014-9374

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length f...

5CVSS6.5AI score0.49122EPSS