Exploits Known Yes
Reported On March 18, 2011
Reported By Tzafrir Cohen < tzafrir.cohen AT xorcom DOT com >
Posted On April 21, 2011
Last Updated On April 21, 2011
Advisory Contact Matthew Nicholson <mnicholson@digium.com>
CVE Name CVE-2011-1507
Description On systems that have the Asterisk Manager Interface, Skinny,
SIP over TCP, or the built-in HTTP server enabled, it is
possible for an attacker to open as many connections to
|--------------------+---------------------------------------------------|
| Posted On | June 4, 2008 |
|--------------------+---------------------------------------------------|
| Last Updated On | June 4, 2008 |
|--------------------+---------------------------------------------------|
| Advisory Contact | Mark Michelson <mmichelson AT digium DOT com> |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2008-2543 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|--------------------+---------------------------------------------------|
| Posted On | August 24, 2007 |
|--------------------+---------------------------------------------------|
| Last Updated On | August 24, 2007 |
|--------------------+---------------------------------------------------|
| Advisory Contact | Mark Michelson <mmichelson@digium.com> |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2007-4521 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|--------------------+---------------------------------------------------|
| Posted On | July 23, 2007 |
|--------------------+---------------------------------------------------|
| Last Updated On | July 25, 2007 |
|--------------------+---------------------------------------------------|
| Advisory Contact | Russell Bryant <russell@digium.com> |
|--------------------+---------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|----------------------+-------------------------------------------------|
| Posted On | November 29, 2007 |
|----------------------+-------------------------------------------------|
| Last Updated On | November 29, 2007 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Tilghman Lesher <tlesher AT digium DOT com> |
|----------------------+-------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
Exploits Known No
Reported On October 4, 2011
Reported By Ehsan Foroughi
Posted On October 17, 2011
Last Updated On October 17, 2011
Advisory Contact Terry Wilson <twilson@digium.com>
CVE Name CVE-2011-4063
Description A remote authenticated user can cause a crash with a
malformed request due to an uninitialized variable.
|----------------------+-------------------------------------------------|
| Posted On | November 4, 2009 |
|----------------------+-------------------------------------------------|
| Last Updated On | November 4, 2009 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Joshua Colp <jcolp AT digium DOT com> |
|----------------------+-------------------------------------------------|
| CVE Name | CVE-2008-7220 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
Exploits Known Yes
Reported On 2011-07-18
Reported By Ben Williams
Posted On
Last Updated On December 7, 2011
Advisory Contact Terry Wilson <twilson@digium.com>
CVE Name
Description It is possible to enumerate SIP usernames when the general
and user/peer NAT settings differ in whether to respond to
the port a request is sent from or the port listed for
|---------------------+--------------------------------------------------|
| Posted On | January 2, 2008 |
|---------------------+--------------------------------------------------|
| Last Updated On | January 2, 2008 |
|---------------------+--------------------------------------------------|
| Advisory Contact | Joshua Colp <jcolp@digium.com> |
|---------------------+--------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|----------------------+-------------------------------------------------|
| Posted On | November 29, 2007 |
|----------------------+-------------------------------------------------|
| Last Updated On | November 29, 2007 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Tilghman Lesher <tlesher AT digium DOT com> |
|----------------------+-------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|---------------------+--------------------------------------------------|
| Posted On | June 02, 2011 |
|---------------------+--------------------------------------------------|
| Last Updated On | June 02, 2011 |
|---------------------+--------------------------------------------------|
| Advisory Contact | Jonathan Rose <jrose@digium.com> |
|---------------------+--------------------------------------------------|
| CVE Name | CVE-2011-2216 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|--------------------+---------------------------------------------------|
| Posted On | August 21, 2007 |
|--------------------+---------------------------------------------------|
| Last Updated On | August 21, 2007 |
|--------------------+---------------------------------------------------|
| Advisory Contact | Russell Bryant <russell@digium.com> |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2007-4455 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|---------------------+--------------------------------------------------|
| Posted On | August 10, 2009 |
|---------------------+--------------------------------------------------|
| Last Updated On | August 10, 2009 |
|---------------------+--------------------------------------------------|
| Advisory Contact | Tilghman Lesher < tlesher AT digium DOT com > |
|---------------------+--------------------------------------------------|
| CVE Name | CVE-2009-2726 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
Exploits Known Yes
Reported On November 2, 2011
Reported By Kristijan Vrban
Posted On 2011-11-03
Last Updated On December 7, 2011
Advisory Contact Terry Wilson <twilson@digium.com>
CVE Name
Description When the "automon" feature is enabled in features.conf, it
is possible to send a sequence of SIP requests that cause
Asterisk to dereference a NULL pointer and crash.
|----------------------+-------------------------------------------------|
| Posted On | January 7, 2009 |
|----------------------+-------------------------------------------------|
| Last Updated On | January 7, 2009 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Tilghman Lesher < tlesher AT digium DOT com > |
|----------------------+-------------------------------------------------|
| CVE Name | CVE-2009-0041 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|--------------------+---------------------------------------------------|
| Posted On | March 18, 2008 |
|--------------------+---------------------------------------------------|
| Last Updated On | March 18, 2008 |
|--------------------+---------------------------------------------------|
| Advisory Contact | Joshua Colp <jcolp@digium.com> |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2008-1333 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|----------------------+-------------------------------------------------|
| Posted On | July 22, 2008 |
|----------------------+-------------------------------------------------|
| Last Updated On | July 22, 2008 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Tilghman Lesher < tlesher AT digium DOT com > |
|----------------------+-------------------------------------------------|
| CVE Name | CVE-2008-3263 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|--------------------+---------------------------------------------------|
| Posted On | September 3, 2009 |
|--------------------+---------------------------------------------------|
| Last Updated On | September 3, 2009 |
|--------------------+---------------------------------------------------|
| Advisory Contact | Russell Bryant < russell AT digium DOT com > |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2009-2346 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|--------------------+---------------------------------------------------|
| Posted On | May 16, 2008 |
|--------------------+---------------------------------------------------|
| Last Updated On | May 22, 2008 |
|--------------------+---------------------------------------------------|
| Advisory Contact | Mark Michelson < mmichelson AT digium DOT com > |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2008-0166 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|----------------------+-------------------------------------------------|
| Posted On | |
|----------------------+-------------------------------------------------|
| Last Updated On | December 9, 2008 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Mark Michelson <mmichelson AT digium DOT com> |
|----------------------+-------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|---------------------+--------------------------------------------------|
| Posted On | March 10, 2009 |
|---------------------+--------------------------------------------------|
| Last Updated On | March 10, 2009 |
|---------------------+--------------------------------------------------|
| Advisory Contact | Joshua Colp <jcolp@digium.com> |
|---------------------+--------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|--------------------+---------------------------------------------------|
| Posted On | October 31, 2007 |
|--------------------+---------------------------------------------------|
| Last Updated On | November 1, 2007 |
|--------------------+---------------------------------------------------|
| Advisory Contact | Mark Michelson <mmichelson AT digium DOT com> |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2007-5690 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
Exploits Known No
Reported On January 27, 2011
Reported By Matthew Nicholson
Posted On February 21, 2011
Last Updated On February 21, 2011
Advisory Contact Matthew Nicholson <mnicholson@digium.com>
CVE Name
Description When decoding UDPTL packets, multiple stack- and heap-based
arrays can be made to overflow by specially crafted packets.
Systems doing T.38 pass-through or termination are vulnerable.
|--------------------+---------------------------------------------------|
| Posted On | April 22, 2008 |
|--------------------+---------------------------------------------------|
| Last Updated On | April 22, 2008 |
|--------------------+---------------------------------------------------|
| Advisory Contact | Tilghman Lesher < tlesher AT digium DOT com > |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2008-1897 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|--------------------+---------------------------------------------------|
| Posted On | May 8, 2008 |
|--------------------+---------------------------------------------------|
| Last Updated On | June 3, 2008 |
|--------------------+---------------------------------------------------|
| Advisory Contact | Joshua Colp <jcolp@digium.com> |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2008-2119 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
Exploits Known Yes
Reported On February 10, 2011
Reported By Mark Murawski <markm AT intellasoft DOT net>
Posted On April 21, 2011
Last Updated On April 21, 2011
Advisory Contact Matthew Nicholson <mnicholson@digium.com>
CVE Name
Description It is possible for a user of the Asterisk Manager Interface to
bypass a security check and execute shell commands when they
should not have that ability. Sending the "Async" header with
|----------------------+-------------------------------------------------|
| Posted On | November 4, 2009 |
|----------------------+-------------------------------------------------|
| Last Updated On | November 4, 2009 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Joshua Colp <jcolp AT digium DOT com> |
|----------------------+-------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
Exploits Known No
Reported On January 11, 2011
Reported By Matthew Nicholson
Posted On January 18, 2011
Last Updated On January 18, 2011
Advisory Contact Matthew Nicholson <mnicholson@digium.com>
CVE Name
Description When forming an outgoing SIP request while in pedantic mode, a
stack buffer can be made to overflow if supplied with
carefully crafted caller ID information. This vulnerability
|--------------------+---------------------------------------------------|
| Posted On | December 18, 2007 |
|--------------------+---------------------------------------------------|
| Last Updated On | December 18, 2007 |
|--------------------+---------------------------------------------------|
| Advisory Contact | Tilghman Lesher <tlesher AT digium DOT com> |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2007-6430 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|--------------------+---------------------------------------------------|
| Posted On | August 7, 2007 |
|--------------------+---------------------------------------------------|
| Last Updated On | August 7, 2007 |
|--------------------+---------------------------------------------------|
| Advisory Contact | Jason Parker <jparker@digium.com> |
|--------------------+---------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+