Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Asterisk Subscribe
Filtered by product S800i Appliance
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-0041 1 Asterisk 3 Asterisk Business Edition, Open Source, S800i Appliance 2018-10-11 5.0 MEDIUM N/A
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
CVE-2008-3264 1 Asterisk 5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more 2018-10-11 7.8 HIGH N/A
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
CVE-2007-3762 1 Asterisk 4 Asterisk, Asterisk Appliance Developer Kit, Asterisknow and 1 more 2017-07-28 9.3 HIGH N/A
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
CVE-2007-3764 1 Asterisk 4 Asterisk, Asterisk Appliance Developer Kit, Asterisknow and 1 more 2017-07-28 5.0 MEDIUM N/A
The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."
CVE-2007-3765 1 Asterisk 4 Asterisk, Asterisk Appliance Developer Kit, Asterisknow and 1 more 2017-07-28 5.0 MEDIUM N/A
The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.
CVE-2007-3763 1 Asterisk 4 Asterisk, Asterisk Appliance Developer Kit, Asterisknow and 1 more 2011-03-07 5.0 MEDIUM N/A
The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.