VYPR

Opensource

by Asterisk

Source repositories

CVEs (25)

  • CVE-2018-12228MedJun 12, 2018
    Digium
    Asterisk
    risk 0.43cvss 6.5epss 0.07

    An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders…

  • CVE-2008-0095Jan 8, 2008
    Asterisk
    Asterisknow
    risk 0.05cvss epss 0.25

    The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of…

  • CVE-2008-2119Jun 4, 2008
    Asterisk
    Business Edition
    risk 0.04cvss epss 0.07

    Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From…

  • CVE-2008-1289Mar 24, 2008
    Asterisk
    Asterisknow
    risk 0.04cvss epss 0.12

    Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2…

  • CVE-2013-2686Apr 1, 2013
    Asterisk
    Certified Asterisk
    risk 0.00cvss epss 0.02

    main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict…

  • CVE-2013-2685Apr 1, 2013
    Asterisk
    Asterisk Open Source
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.

  • CVE-2013-2264Apr 1, 2013
    Asterisk
    Certified Asterisk
    risk 0.00cvss epss 0.01

    The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before…

  • CVE-2012-2186Aug 31, 2012
    Asterisk
    Certified Asterisk
    risk 0.00cvss epss 0.04

    Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x…

  • CVE-2012-2948Jun 2, 2012
    Asterisk
    Certified Asterisk
    risk 0.00cvss epss 0.02

    chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon…

  • CVE-2012-2416Apr 30, 2012
    Asterisk
    Business Edition
    risk 0.00cvss epss 0.02

    chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by…

  • CVE-2012-2415Apr 30, 2012
    Asterisk
    Opensource
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a…

  • CVE-2012-2414Apr 30, 2012
    Asterisk
    Business Edition
    risk 0.00cvss epss 0.03

    main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote…

  • CVE-2012-0885Jan 25, 2012
    Asterisk
    Asterisk Open Source
    risk 0.00cvss epss 0.03

    chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message…

  • CVE-2011-4063Oct 21, 2011
    Digium
    Asterisk
    risk 0.00cvss epss 0.02

    chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request.

  • CVE-2011-1507Apr 27, 2011
    Asterisk
    Business Edition
    risk 0.00cvss epss 0.03

    Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers…

  • CVE-2010-1224Apr 1, 2010
    Digium
    Asterisk
    risk 0.00cvss epss 0.04

    main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic…

  • CVE-2009-2346Sep 8, 2009
    Asterisk
    Asterisk
    risk 0.00cvss epss 0.03

    The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows…

  • CVE-2009-0041Jan 14, 2009
    Asterisk
    Business Edition
    risk 0.00cvss epss 0.03

    IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login…

  • CVE-2008-5558Dec 17, 2008
    Asterisk
    Business Edition
    risk 0.00cvss epss 0.02

    Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname…

  • CVE-2008-3264Jul 24, 2008
    Asterisk
    Asterisknow
    risk 0.00cvss epss 0.03

    The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows…

Page 1 of 2