Download
| Alert*
|
oval:org.secpod.oval:def:1800000
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. Reference oval:org.secpod.oval:def:1800155 CVE-2017-14098: Remote Crash Vulnerability in res_pjsip Fixed In Version: asterisk 13.17.1, asterisk 14.6.1 oval:org.secpod.oval:def:44779 CVE-2017-14099: Media takeover in RTP stack Fixed In Version:¶ asterisk 13.17.1, asterisk 14.6.1 oval:org.secpod.oval:def:1900264 In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure is possible with careful tilibming-dev by an attacker. The "strictrtp" option in rtp.conf enab ... oval:org.secpod.oval:def:53150 Klaus-Peter Junghann discovered that insufficient validation of RTCP packets in Asterisk may result in an information leak oval:org.secpod.oval:def:1900249 In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before13.13-cert6, insufficient RTCP packet validation could allow read ing stalebuffer contents and when combined with the "nat" and "symmetric_rtp"options allow redir ... oval:org.secpod.oval:def:53128 Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in disclosure of RTP connections or the execution of arbitrary shell commands oval:org.secpod.oval:def:1900271 In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before13.13-cert5, unauthorized command execution is possible. The app_minivmmodule has an "externnotify" program configuration option that is executed by the MinivmNot ... oval:org.secpod.oval:def:603089 Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in disclosure of RTP connections or the execution of arbitrary shell commands oval:org.secpod.oval:def:603122 Klaus-Peter Junghann discovered that insufficient validation of RTCP packets in Asterisk may result in an information leak oval:org.secpod.oval:def:1900557 An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between ... |
