Search Results (Refine Search)
- CPE Product Version: cpe:/a:digium:asterisk:10.1.0:rc1:digiumphones
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-5977 |
Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache. Published: January 04, 2013; 10:55:02 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-5976 |
Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol. Published: January 04, 2013; 6:52:14 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-3812 |
Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox. Published: July 09, 2012; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2012-3863 |
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses. Published: July 09, 2012; 6:20:44 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |