FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0c39bafc-6771-11e3-868f-0025905a4771asterisk -- multiple vulnerabilities

The Asterisk project reports:

A 16 bit SMS message that contains an odd message length value will cause the message decoding loop to run forever. The message buffer is not on the stack but will be overflowed resulting in corrupted memory and an immediate crash.

External control protocols, such as the Asterisk Manager Interface, often have the ability to get and set channel variables; this allows the execution of dialplan functions. Dialplan functions within Asterisk are incredibly powerful, which is wonderful for building applications using Asterisk. But during the read or write execution, certain diaplan functions do much more. For example, reading the SHELL() function can execute arbitrary commands on the system Asterisk is running on. Writing to the FILE() function can change any file that Asterisk has write access to. When these functions are executed from an external protocol, that execution could result in a privilege escalation.


Discovery 2013-12-16
Entry 2013-12-17
asterisk10
< 10.12.4

asterisk11
< 11.6.1

asterisk18
< 1.8.24.1

CVE-2013-7100
http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
http://downloads.asterisk.org/pub/security/AST-2013-007.pdf
https://www.asterisk.org/security
daf0a339-9850-11e2-879e-d43d7e0c7c02asterisk -- multiple vulnerabilities

Asterisk project reports:

Buffer Overflow Exploit Through SIP SDP Header

Username disclosure in SIP channel driver

Denial of Service in HTTP server


Discovery 2013-03-27
Entry 2013-03-29
asterisk11
gt 11.* lt 11.2.2

asterisk10
gt 10.* lt 10.12.2

asterisk18
gt 1.8.* lt 1.8.20.2

CVE-2013-2685
CVE-2013-2686
CVE-2013-2264
http://downloads.asterisk.org/pub/security/AST-2013-001.html
http://downloads.asterisk.org/pub/security/AST-2013-002.html
http://downloads.asterisk.org/pub/security/AST-2013-003.html
https://www.asterisk.org/security
359f615d-a9e1-11e1-8a66-14dae9ebcf89asterisk -- multiple vulnerabilities

Asterisk project reports:

Remote crash vulnerability in IAX2 channel driver.

Skinny Channel Driver Remote Crash Vulnerability


Discovery 2012-05-29
Entry 2012-05-29
Modified 2012-05-29
asterisk16
gt 1.6.* le 1.6.2.24

asterisk18
gt 1.8.* lt 1.8.12.1

asterisk10
gt 10.* lt 10.4.1

CVE-2012-2947
http://downloads.digium.com/pub/security/AST-2012-007.html
CVE-2012-2948
http://downloads.digium.com/pub/security/AST-2012-008.html
https://www.asterisk.org/security
dd698b76-42f7-11e1-a1b6-14dae9ebcf89asterisk -- SRTP Video Remote Crash Vulnerability

Asterisk project reports:

An attacker attempting to negotiate a secure video stream can crash Asterisk if video support has not been enabled and the res_srtp Asterisk module is loaded.


Discovery 2012-01-15
Entry 2012-01-20
Modified 2013-06-19
asterisk18
< 1.8.8.2

asterisk10
< 10.0.1

http://downloads.asterisk.org/pub/security/AST-2012-001.html
0d530174-6eef-11e1-afd6-14dae9ebcf89asterisk -- multiple vulnerabilities

Asterisk project reports:

Stack Buffer Overflow in HTTP Manager

Remote Crash Vulnerability in Milliwatt Application


Discovery 2012-03-15
Entry 2012-03-15
asterisk14
gt 1.4.* lt 1.4.44

asterisk16
gt 1.6.* lt 1.6.2.23

asterisk18
gt 1.8.* lt 1.8.10.1

asterisk10
gt 10.* lt 10.2.1

http://downloads.asterisk.org/pub/security/AST-2012-002.html
http://downloads.asterisk.org/pub/security/AST-2012-003.html
1c5abbe2-8d7f-11e1-a374-14dae9ebcf89asterisk -- multiple vulnerabilities

Asterisk project reports:

Remote Crash Vulnerability in SIP Channel Driver

Heap Buffer Overflow in Skinny Channel Driver

Asterisk Manager User Unauthorized Shell Access


Discovery 2012-04-23
Entry 2012-04-23
asterisk16
gt 1.6.* lt 1.6.2.24

asterisk18
gt 1.8.* lt 1.8.11.1

asterisk10
gt 10.* lt 10.3.1

http://downloads.digium.com/pub/security/AST-2012-004.html
CVE-2012-2414
http://downloads.digium.com/pub/security/AST-2012-005.html
CVE-2012-2415
http://downloads.digium.com/pub/security/AST-2012-006.html
CVE-2012-2416
3c8d1e5b-b673-11e1-be25-14dae9ebcf89asterisk -- remote crash vulnerability

Asterisk project reports:

Skinny Channel Driver Remote Crash Vulnerability.


Discovery 2012-06-14
Entry 2012-06-14
asterisk10
gt 10.* lt 10.5.1

CVE-2012-3553
http://downloads.digium.com/pub/security/AST-2012-009.html
https://www.asterisk.org/security
f7c87a8a-55d5-11e2-a255-c8600054b392asterisk -- multiple vulnerabilities

Asterisk project reports:

Crashes due to large stack allocations when using TCP

Denial of Service Through Exploitation of Device State Caching


Discovery 2013-01-02
Entry 2013-01-03
asterisk11
gt 11.* lt 11.1.2

asterisk10
gt 10.* lt 10.11.1

asterisk18
gt 1.8.* lt 1.8.19.1

CVE-2012-5976
CVE-2012-5977
http://downloads.digium.com/pub/security/AST-2012-014.html
http://downloads.digium.com/pub/security/AST-2012-015.html
https://www.asterisk.org/security
fd2bf3b5-1001-11e3-ba94-0025905a4771asterisk -- multiple vulnerabilities

The Asterisk project reports:

Remote Crash From Late Arriving SIP ACK With SDP

Remote Crash when Invalid SDP is sent in SIP Request


Discovery 2013-08-27
Entry 2013-08-28
Modified 2013-08-29
asterisk11
gt 11.* lt 11.5.1

asterisk10
gt 10.* lt 10.12.3

asterisk18
gt 1.8.* lt 1.8.21.1

CVE-2013-5641
CVE-2013-5642
http://downloads.asterisk.org/pub/security/AST-2013-004.html
http://downloads.asterisk.org/pub/security/AST-2013-005.html
https://www.asterisk.org/security