Asterisk

All CVEs

163 total · sorted by risk
  • CVE-2007-4280 · Aug 9, 2007
    risk 0.00 · cvss · epss 0.01

    The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a…

  • CVE-2007-3765 · Jul 18, 2007
    risk 0.00 · cvss · epss 0.02

    The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.

  • CVE-2007-3762 · Jul 18, 2007
    risk 0.00 · cvss · epss 0.06

    Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute…

  • CVE-2007-2488 · May 7, 2007
    risk 0.00 · cvss · epss 0.04

    The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash),…

  • CVE-2007-2297 · Apr 26, 2007
    risk 0.00 · cvss · epss 0.02

    The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).

  • CVE-2007-2294 · Apr 26, 2007
    risk 0.00 · cvss · epss 0.04

    The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.

  • CVE-2007-1594 · Mar 22, 2007
    risk 0.00 · cvss · epss 0.03

    The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet.

  • CVE-2007-1595 · Mar 22, 2007
    risk 0.00 · cvss · epss 0.03

    The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.

  • CVE-2006-5445 · Oct 23, 2006
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt…

  • CVE-2006-2898 · Jun 7, 2006
    risk 0.00 · cvss · epss 0.04

    The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer…

  • CVE-2006-2021 · Apr 25, 2006
    risk 0.00 · cvss · epss 0.02

    Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter. NOTE: this…

  • CVE-2005-2081 · Jul 5, 2005
    risk 0.00 · cvss · epss 0.04

    Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character.

  • CVE-2003-0761 · Sep 17, 2003
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.

Page 4 of 4