Open Source
Approved changes feed: RSS · Atom
cpe:2.3:a:asterisk:open_source:1.2.0beta2:*:*:*:*:*:*:*
part: a version: 1.2.0beta2 update: *
| Vendor | Asterisk (8cf0208b-fb97-57c9-94a0-6da40e548dcd) |
|---|---|
| Product | Open Source (8a2c0991-ed09-534c-8225-148908a50b94) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/asterisk |
purl2cpe | 2026-06-01 10:15:23.121617 |
pkg:deb/ubuntu/asterisk |
purl2cpe | 2026-06-01 10:15:23.121618 |
pkg:github/asterisk/asterisk |
purl2cpe | 2026-06-01 10:15:23.121620 |
pkg:rpm/fedora/asterisk |
purl2cpe | 2026-06-01 10:15:23.121621 |
pkg:rpm/opensuse/asterisk |
purl2cpe | 2026-06-01 10:15:23.121623 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2009-0041 |
vulnerable | 2026-06-03 14:29:21.950282 |
Details available
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Published: 2009-01-14T23:00:00.000Z
Updated: 2024-08-07T04:17:10.507Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-3264 |
vulnerable | 2026-06-03 14:28:52.917410 |
Details available
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
Published: 2008-07-24T15:18:00.000Z
Updated: 2024-08-07T09:28:41.869Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-2119 |
vulnerable | 2026-06-03 14:28:43.364481 |
Details available
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
Published: 2008-06-04T19:17:00.000Z
Updated: 2024-08-07T08:49:58.663Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-1332 |
vulnerable | 2026-06-03 14:28:40.195235 |
Details available
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
Published: 2008-03-20T00:00:00.000Z
Updated: 2024-08-07T08:17:34.472Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2007-6430 |
vulnerable | 2026-06-03 14:28:29.657513 |
Details available
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.
Published: 2007-12-20T02:00:00.000Z
Updated: 2024-08-07T16:02:36.470Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.