AST-2019-007: AMI user could execute system commands.

Asterisk Project Security Advisory - AST-2019-007 ProductAsterisk SummaryAMI user could execute system commands. Nature of Advisory Remote Code Execution

AST-2019-008: Re-invite with T.38 and malformed SDP causes crash.

Asterisk Project Security Advisory - ProductAsterisk SummaryRe-invite with T.38 and malformed SDP causes crash. Nature of Advisory Remote Crash

AST-2019-006: SIP request can change address of a SIP peer.

Asterisk Project Security Advisory - AST-2019-006 ProductAsterisk SummarySIP request can change address of a SIP peer. Nature of Advisory Denial of Service

AST-2019-005: Remote Crash Vulnerability in audio transcoding

Asterisk Project Security Advisory - AST-2019-005 Product Asterisk Summary Remote Crash Vulnerability in audio transcoding Nature of Advisory Denial of Service

AST-2019-004: Crash when negotiating for T.38 with a declined stream

Asterisk Project Security Advisory - AST-2019-004 ProductAsterisk SummaryCrash when negotiating for T.38 with a declined stream

AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver

Asterisk Project Security Advisory - AST-2019-003 ProductAsterisk SummaryRemote Crash Vulnerability in chan_sip channel driver

AST-2019-002: Remote crash vulnerability with MESSAGE messages

Asterisk Project Security Advisory - AST-2019-002 Product Asterisk Summary Remote crash vulnerability with MESSAGE messages Nature of Advisory Denial Of Service

AST-2019-001: Remote crash vulnerability with SDP protocol violation

Asterisk Project Security Advisory - AST-2019-001 ProductAsterisk SummaryRemote crash vulnerability with SDP protocol violation

AST-2018-010: Remote crash vulnerability DNS SRV and NAPTR lookups

Asterisk Project Security Advisory - AST-2018-010 ProductAsterisk SummaryRemote crash vulnerability DNS SRV and NAPTR lookups Nature of Advisory Denial Of Service

AST-2018-010:

Asterisk Project Security Advisory - AST-2018-010 ProductAsterisk Remote crash vulnerability DNS SRV and NAPTR lookups Nature of Advisory Denial Of Service

AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade

Asterisk Project Security Advisory - AST-2018-009 ProductAsterisk SummaryRemote crash vulnerability in HTTP websocket upgrade Nature of Advisory Denial Of Service

AST-2018-008: PJSIP endpoint presence disclosure when using ACL

Asterisk Project Security Advisory - AST-2018-008 ProductAsterisk SummaryPJSIP endpoint presence disclosure when using ACL Nature of Advisory Unauthorized data disclosure

AST-2018-007: Infinite loop when reading iostreams

Asterisk Project Security Advisory - AST-2018-007 ProductAsterisk SummaryInfinite loop when reading iostreams Nature of Advisory Denial of Service

AST-2017-012: Remote Crash Vulnerability in RTCP Stack

Asterisk Project Security Advisory - AST-2017-012 Product Asterisk Summary Remote Crash Vulnerability in RTCP Stack Nature of Advisory Denial of Service

AST-2017-009: Buffer overflow in pjproject header parsing can cause crash in Asterisk

Asterisk Project Security Advisory - AST-2017-009 ProductAsterisk SummaryBuffer overflow in pjproject header parsing can cause crash in Asterisk

AST-2017-010: Buffer overflow in CDR's set user

Asterisk Project Security Advisory - AST-2017-010 ProductAsterisk SummaryBuffer overflow in CDR's set user Nature of Advisory Buffer Overflow

AST-2017-011: Memory leak in pjsip session resource

Asterisk Project Security Advisory - AST-2017-011 ProductAsterisk SummaryMemory leak in pjsip session resource Nature of Advisory Memory leak

AST-2017-001: Buffer overflow in CDR's set user

Asterisk Project Security Advisory - AST-2017-001 ProductAsterisk SummaryBuffer overflow in CDR's set user Nature of Advisory Buffer Overflow

AST-2016-009:

Asterisk Project Security Advisory - ASTERISK-2016-009 ProductAsterisk Summary Nature of Advisory Authentication Bypass SusceptibilityRemote unauthenticated

AST-2016-008: Crash on SDP offer or answer from endpoint using Opus

Asterisk Project Security Advisory - AST-2016-008 ProductAsterisk SummaryCrash on SDP offer or answer from endpoint using Opus

AST-2016-007: RTP Resource Exhaustion

Asterisk Project Security Advisory - AST-2016-007 ProductAsterisk SummaryRTP Resource Exhaustion Nature of Advisory Denial of Service

AST-2016-005: TCP denial of service in PJProject

Asterisk Project Security Advisory - AST-2016-005 ProductAsterisk SummaryTCP denial of service in PJProject Nature of Advisory Crash/Denial of Service

AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk

Asterisk Project Security Advisory - AST-2016-004 ProductAsterisk SummaryLong Contact URIs in REGISTER requests can crash Asterisk

AST-2016-001: BEAST vulnerability in HTTP server

Asterisk Project Security Advisory - AST-2016-001 ProductAsterisk SummaryBEAST vulnerability in HTTP server Nature of Advisory Unauthorized data disclosure due to

AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data.

Asterisk Project Security Advisory - AST-2016-003 ProductAsterisk SummaryRemote crash vulnerability when receiving UDPTL FAX data.

AST-2016-002: File descriptor exhaustion in chan_sip

Asterisk Project Security Advisory - AST-2016-002 ProductAsterisk SummaryFile descriptor exhaustion in chan_sip Nature of Advisory Denial of Service

AST-2015-003: TLS Certificate Common name NULL byte exploit

Asterisk Project Security Advisory - AST-2015-003 ProductAsterisk SummaryTLS Certificate Common name NULL byte exploit Nature of Advisory Man in the Middle Attack

AST-2015-001: File descriptor leak when incompatible codecs are offered

Asterisk Project Security Advisory - AST-2015-001 ProductAsterisk SummaryFile descriptor leak when incompatible codecs are offered

AST-2014-019: Remote Crash Vulnerability in WebSocket Server

Asterisk Project Security Advisory - AST-2014-019 ProductAsterisk SummaryRemote Crash Vulnerability in WebSocket Server Nature of Advisory Denial of Service

AST-2014-014: High call load may result in hung channels in ConfBridge.

Asterisk Project Security Advisory - AST-2014-014 ProductAsterisk SummaryHigh call load may result in hung channels in ConfBridge.

AST-2014-018: AMI permission escalation through DB dialplan function

Asterisk Project Security Advisory - AST-2014-018 ProductAsterisk SummaryAMI permission escalation through DB dialplan function

AST-2014-017: font size=3 style=font-size: 12ptPermission escalation through ConfBridge actions/dialplan functions/font

Asterisk Project Security Advisory - AST-2014-017 ProductAsterisk SummaryPermission escalation through ConfBridge actions/dialplan functions

AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver

Asterisk Project Security Advisory - AST-2014-016 ProductAsterisk SummaryRemote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service

AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver

Asterisk Project Security Advisory - AST-2014-015 ProductAsterisk SummaryRemote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service

AST-2014-013: PJSIP ACLs are not loaded on startup

Asterisk Project Security Advisory - AST-2014-013 ProductAsterisk SummaryPJSIP ACLs are not loaded on startup Nature of Advisory Unauthorized Access

AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic.

Asterisk Project Security Advisory - AST-2014-012 ProductAsterisk SummaryMixed IP address families in access control lists may permit unwanted traffic.

AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability

Asterisk Project Security Advisory - AST-2014-011 ProductAsterisk SummaryAsterisk Susceptibility to POODLE Vulnerability Nature of Advisory Unauthorized Data Disclosure

AST-2014-009: Remote crash based on malformed SIP subscription requests

Asterisk Project Security Advisory - AST-2014-009 ProductAsterisk SummaryRemote crash based on malformed SIP subscription requests

AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations

Asterisk Project Security Advisory - AST-2014-010 ProductAsterisk SummaryRemote crash when handling out of call message in certain dialplan configurations

AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework

Asterisk Project Security Advisory - AST-2014-005 ProductAsterisk SummaryRemote Crash in PJSIP Channel Driver's Publish/Subscribe Framework

AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections

Asterisk Project Security Advisory - AST-2014-007 Product Asterisk Summary Exhaustion of Allowed Concurrent HTTP Connections Nature of Advisory Denial Of Service

AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions

Asterisk Project Security Advisory - AST-2014-008 ProductAsterisk SummaryDenial of Service in PJSIP Channel Driver Subscriptions

AST-2014-006: Asterisk Manager User Unauthorized Shell Access

Asterisk Project Security Advisory - AST-2014-006 Product Asterisk Summary Asterisk Manager User Unauthorized Shell Access Nature of Advisory Permission Escalation

AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.

Asterisk Project Security Advisory - AST-2014-001 ProductAsterisk SummaryStack Overflow in HTTP Processing of Cookie Headers. Nature of Advisory Denial Of Service

AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers

Asterisk Project Security Advisory - AST-2014-002 ProductAsterisk SummaryDenial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers

AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver

Asterisk Project Security Advisory - AST-2014-003 ProductAsterisk SummaryRemote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service

AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling

Asterisk Project Security Advisory - AST-2014-004 ProductAsterisk SummaryRemote Crash Vulnerability in PJSIP Channel Driver Subscription Handling

AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message

Asterisk Project Security Advisory - AST-2013-006 ProductAsterisk SummaryBuffer Overflow when receiving odd length 16 bit SMS message

AST-2013-007: Asterisk Manager User Dialplan Permission Escalation

Asterisk Project Security Advisory - AST-2013-007 ProductAsterisk SummaryAsterisk Manager User Dialplan Permission Escalation Nature of Advisory Permission Escalation

AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request

Asterisk Project Security Advisory - AST-2013-005 ProductAsterisk SummaryRemote Crash when Invalid SDP is sent in SIP Request Nature of Advisory Remote Crash

AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP

Asterisk Project Security Advisory - AST-2013-004 Product Asterisk Summary Remote Crash From Late Arriving SIP ACK With SDP Nature of Advisory Remote Crash

AST-2013-001: Buffer Overflow Exploit Through SIP SDP Header

Asterisk Project Security Advisory - AST-2013-001 Product Asterisk Summary Buffer Overflow Exploit Through SIP SDP Header Nature of Advisory Exploitable Stack Buffer Overflow

AST-2013-002: Denial of Service in HTTP server

Asterisk Project Security Advisory - AST-2013-002 Product Asterisk Summary Denial of Service in HTTP server Nature of Advisory Denial of Service

AST-2013-003: Username disclosure in SIP channel driver

Asterisk Project Security Advisory - AST-2013-003 Product Asterisk Summary Username disclosure in SIP channel driver Nature of Advisory Unauthorized data disclosure

AST-2012-014: Crashes due to large stack allocations when using TCP

Asterisk Project Security Advisory - AST-2012-014 ProductAsterisk SummaryCrashes due to large stack allocations when using TCP

AST-2012-015: Denial of Service Through Exploitation of Device State Caching

Asterisk Project Security Advisory - AST-2012-015 ProductAsterisk SummaryDenial of Service Through Exploitation of Device State Caching

AST-2012-012: Asterisk Manager User Unauthorized Shell Access

Asterisk Project Security Advisory - AST-2012-012 Product Asterisk Summary Asterisk Manager User Unauthorized Shell Access Nature of Advisory Permission Escalation

AST-2012-013: ACL rules ignored when placing outbound calls by certain IAX2 users

Asterisk Project Security Advisory - AST-2012-013 ProductAsterisk SummaryACL rules ignored when placing outbound calls by certain IAX2 users

AST-2012-010: Possible resource leak on uncompleted re-invite transactions

Asterisk Project Security Advisory - AST-2012-010 ProductAsterisk SummaryPossible resource leak on uncompleted re-invite transactions

AST-2012-011: Remote crash vulnerability in voice mail application

Asterisk Project Security Advisory - AST-2012-011 ProductAsterisk SummaryRemote crash vulnerability in voice mail application Nature of Advisory Denial of Service

AST-2012-009: Skinny Channel Driver Remote Crash Vulnerability

Asterisk Project Security Advisory - AST-2012-009 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service

AST-2012-007: Remote crash vulnerability in IAX2 channel driver.

Asterisk Project Security Advisory - AST-2012-007 ProductAsterisk SummaryRemote crash vulnerability in IAX2 channel driver. Nature of Advisory Remote crash

AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability

Asterisk Project Security Advisory - AST-2012-008 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service

AST-2012-004: Asterisk Manager User Unauthorized Shell Access

Asterisk Project Security Advisory - AST-2012-004 Product Asterisk Summary Asterisk Manager User Unauthorized Shell Access Nature of Advisory Permission Escalation

AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver

Asterisk Project Security Advisory - AST-2012-005 Product Asterisk Summary Heap Buffer Overflow in Skinny Channel Driver Nature of Advisory Exploitable Heap Buffer Overflow

AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver

Asterisk Project Security Advisory - AST-2012-006 Product Asterisk Summary Remote Crash Vulnerability in SIP Channel Driver Nature of Advisory Remote Crash

AST-2012-002: Remote Crash Vulnerability in Milliwatt Application

Asterisk Project Security Advisory - AST-2012-002 ProductAsterisk SummaryRemote Crash Vulnerability in Milliwatt Application Nature of Advisory Exploitable Stack Buffer Overflow with locally

AST-2012-003: Stack Buffer Overflow in HTTP Manager

Asterisk Project Security Advisory - AST-2012-003 Product Asterisk Summary Stack Buffer Overflow in HTTP Manager Nature of Advisory Exploitable Stack Buffer Overflow

AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings

Asterisk Project Security Advisory - AST-2011-013 ProductAsterisk SummaryPossible remote enumeration of SIP endpoints with differing NAT settings

AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled

Asterisk Project Security Advisory - AST-2011-014 ProductAsterisk SummaryRemote crash possibility with SIP and the automon feature enabled

AST-2011-012: Remote crash vulnerability in SIP channel driver

Asterisk Project Security Advisory - AST-2011-012 Product Asterisk Summary Remote crash vulnerability in SIP channel driver Nature of Advisory Remote crash

AST-2011-005: File Descriptor Resource Exhaustion

Asterisk Project Security Advisory - AST-2011-005 Product Asterisk Summary File Descriptor Resource Exhaustion Nature of Advisory Denial of Service

AST-2011-006: Asterisk Manager User Shell Access

Asterisk Project Security Advisory - AST-2011-006 ProductAsterisk SummaryAsterisk Manager User Shell Access Nature of Advisory Permission Escalation

AST-2011-003:

ProductAsterisk SummaryResource exhaustion in Asterisk Manager Interface Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions if

AST-2011-004:

ProductAsterisk SummaryRemote crash vulnerability in TCP/TLS server Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions

AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code

Asterisk Project Security Advisory - AST-2011-002 Product Asterisk Summary Multiple array overflow and crash vulnerabilities in UDPTL code

AST-2011-001: Stack buffer overflow in SIP channel driver

Asterisk Project Security Advisory - AST-2011-001 ProductAsterisk SummaryStack buffer overflow in SIP channel driver Nature of Advisory Exploitable Stack Buffer Overflow

AST-2010-003: Invalid parsing of ACL rules can compromise security

Asterisk Project Security Advisory - AST-2010-003 ++ | Product | Asterisk |

AST-2010-002: Dialplan injection vulnerability

Asterisk Project Security Advisory - AST-2010-002 ++ | Product| Asterisk|

AST-2010-001: T.38 Remote Crash Vulnerability

Asterisk Project Security Advisory - AST-2010-001 ++ | Product| Asterisk|

AST-2009-010: RTP Remote Crash Vulnerability

Asterisk Project Security Advisory - AST-2009-010 ++ | Product| Asterisk|

AST-2009-007: ACL not respected on SIP INVITE

Asterisk Project Security Advisory - AST-2009-007 ++ | Product | Asterisk |

AST-2009-006: IAX2 Call Number Resource Exhaustion

Asterisk Project Security Advisory - AST-2009-006 ++ | Product | Asterisk |

AST-2009-005: Remote Crash Vulnerability in SIP channel driver

Asterisk Project Security Advisory - AST-2009-005 ++ | Product | Asterisk |

AST-2009-004: Remote Crash Vulnerability in RTP stack

Asterisk Project Security Advisory - AST-2009-004 ++ | Product| Asterisk|

AST-2009-003: SIP responses expose valid usernames

Asterisk Project Security Advisory - AST-2009-003 ++ | Product | Asterisk |

AST-2009-002: Remote Crash Vulnerability in SIP channel driver

Asterisk Project Security Advisory - AST-2009-002 ++ | Product | Asterisk |

AST-2009-001: Information leak in IAX2 authentication

Asterisk Project Security Advisory - AST-2009-001 ++ | Product| Asterisk|

AST-2008-012: Remote crash vulnerability in IAX2

Asterisk Project Security Advisory - AST-2008-012 ++ | Product| Asterisk|

AST-2008-010: Asterisk IAX 'POKE' resource exhaustion

Asterisk Project Security Advisory - AST-2008-010 ++ | Product| Asterisk|

AST-2008-011: Traffic amplification in IAX2 firmware provisioning system

Asterisk Project Security Advisory - AST-2008-011 ++ | Product | Asterisk |

AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

Asterisk Project Security Advisory - AST-2008-009 ++ | Product | Asterisk-Addons |

AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver

Asterisk Project Security Advisory - AST-2008-009 ++ | Product | Asterisk-Addons |

AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode

Asterisk Project Security Advisory - AST-2008-008 ++ | Product | Asterisk |

/home/putnopvut/asa/AST-2008-007/AST-2008-007: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

Asterisk Project Security Advisory - AST-2008-007 ++ | Product | Asterisk |

AST-2008-005: HTTP Manager ID is predictable

Asterisk Project Security Advisory - AST-2008-005 ++ | Product| Asterisk|

AST-2008-004: Format String Vulnerability in Logger and Manager

Asterisk Project Security Advisory - AST-2008-004 ++ | Product | Asterisk |

AST-2008-002: Two buffer overflows in RTP Codec Payload Handling

Asterisk Project Security Advisory - AST-2008-002 ++ | Product | Asterisk |

AST-2008-001: Crash from transfer using BYE with Also header

Asterisk Project Security Advisory - AST-2008-001 ++ | Product | Asterisk |

AST-2007-026 - SQL Injection issue in cdr_pgsql

Asterisk Project Security Advisory - AST-2007-026 ++ | Product| Asterisk|

  1   2   >