Vulnerabilities > Digium > Asterisk > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-03-07 | CVE-2007-1306 | Remote Denial of Service vulnerability in Asterisk SIP Channel Driver Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference. | 7.8 |
| 2006-10-23 | CVE-2006-5445 | Remote Denial of Service vulnerability in Asterisk Chan_Sip.c Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. | 7.8 |
| 2006-10-23 | CVE-2006-5444 | Remote Buffer Overflow vulnerability in Asterisk Chan_Skinny Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. | 7.5 |
| 2006-08-24 | CVE-2006-4346 | Remote vulnerability in Digium Asterisk 1.2.10 Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable. | 7.5 |
| 2006-08-24 | CVE-2006-4345 | Remote vulnerability in Asterisk Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response. | 7.5 |
| 2006-06-07 | CVE-2006-2898 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Digium Asterisk The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. | 7.5 |
| 2003-09-22 | CVE-2003-0779 | Unspecified vulnerability in Digium Asterisk SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string. | 7.5 |
| 2003-09-17 | CVE-2003-0761 | Remote Security vulnerability in Digium Asterisk 1.2.13 Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests. | 7.5 |