Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:digium:asterisk:11.1.0:rc2:*:*:*:*:*:*
There are 27 matching records.
Displaying matches 21 through 27.
Vuln ID Summary CVSS Severity
CVE-2014-4046

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.

Published: June 17, 2014; 10:55:07 AM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2013-7100

Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop.

Published: December 19, 2013; 5:55:04 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-5642

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.

Published: September 09, 2013; 1:55:06 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-5641

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information.

Published: September 09, 2013; 1:55:06 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-5977

Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.

Published: January 04, 2013; 10:55:02 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-5976

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.

Published: January 04, 2013; 6:52:14 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-0495

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

Published: January 20, 2011; 2:00:08 PM -0500
V3.x:(not available)
V2.0: 6.0 MEDIUM