oval:org.secpod.oval:def:1800000
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10.

oval:org.secpod.oval:def:1800155
CVE-2017-14098: Remote Crash Vulnerability in res_pjsip. Fixed in version: asterisk 13.17.1, asterisk 14.6.1

oval:org.secpod.oval:def:109325
Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware.

oval:org.secpod.oval:def:110171
Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware.

oval:org.secpod.oval:def:110167
Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware.

oval:org.secpod.oval:def:44779
CVE-2017-14099: Media takeover in RTP stack. Fixed in version: asterisk 13.17.1, asterisk 14.6.1

oval:org.secpod.oval:def:1900264
In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enab ...

oval:org.secpod.oval:def:53150
Klaus-Peter Junghann discovered that insufficient validation of RTCP packets in Asterisk may result in an information leak

oval:org.secpod.oval:def:1900249
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redir ...

oval:org.secpod.oval:def:53128
Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in disclosure of RTP connections or the execution of arbitrary shell commands

oval:org.secpod.oval:def:1900271
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNot ...

oval:org.secpod.oval:def:603089
Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in disclosure of RTP connections or the execution of arbitrary shell commands

oval:org.secpod.oval:def:603122
Klaus-Peter Junghann discovered that insufficient validation of RTCP packets in Asterisk may result in an information leak

oval:org.secpod.oval:def:1900751
chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of serv ...

oval:org.secpod.oval:def:602653
Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service or incorrect certificate validation.

oval:org.secpod.oval:def:1901327
Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service via a zero length error correcting redundancy packet for a UDPTL FAX packet ...