Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
Type deb
Namespace debian
Name asterisk
Version 1:22.9.0+dfsg+~cs6.16.60671434-1
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1qxc-4xk5-2feu
vulnerability_id VCID-1qxc-4xk5-2feu
summary Asterisk: Asterisk: Arbitrary code execution and file overwrite as root via insecure ast_coredumper file handling
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23740.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23740.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23740
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.025
published_at 2026-04-02T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02517
published_at 2026-04-08T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02514
published_at 2026-04-07T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02538
published_at 2026-04-09T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02516
published_at 2026-04-11T12:55:00Z
5
value 0.00014
scoring_system epss
scoring_elements 0.02504
published_at 2026-04-12T12:55:00Z
6
value 0.00014
scoring_system epss
scoring_elements 0.02503
published_at 2026-04-13T12:55:00Z
7
value 0.00014
scoring_system epss
scoring_elements 0.02512
published_at 2026-04-04T12:55:00Z
8
value 0.00016
scoring_system epss
scoring_elements 0.03531
published_at 2026-04-16T12:55:00Z
9
value 0.00016
scoring_system epss
scoring_elements 0.03544
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23740
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23740
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23740
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
reference_id 1127438
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2437723
reference_id 2437723
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2437723
5
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c
reference_id GHSA-xpc6-x892-v83c
reference_type
scores
0
value 0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-06T19:11:52Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c
fixed_packages
0
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1
1
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1
aliases CVE-2026-23740
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1qxc-4xk5-2feu
1
url VCID-2qjc-yspn-xydj
vulnerability_id VCID-2qjc-yspn-xydj
summary Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work, which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47780
reference_id
reference_type
scores
0
value 0.00577
scoring_system epss
scoring_elements 0.68869
published_at 2026-04-18T12:55:00Z
1
value 0.00577
scoring_system epss
scoring_elements 0.68859
published_at 2026-04-16T12:55:00Z
2
value 0.00577
scoring_system epss
scoring_elements 0.6877
published_at 2026-04-02T12:55:00Z
3
value 0.00577
scoring_system epss
scoring_elements 0.6879
published_at 2026-04-04T12:55:00Z
4
value 0.00577
scoring_system epss
scoring_elements 0.68768
published_at 2026-04-07T12:55:00Z
5
value 0.00577
scoring_system epss
scoring_elements 0.6882
published_at 2026-04-08T12:55:00Z
6
value 0.00577
scoring_system epss
scoring_elements 0.68839
published_at 2026-04-09T12:55:00Z
7
value 0.00577
scoring_system epss
scoring_elements 0.68862
published_at 2026-04-11T12:55:00Z
8
value 0.00577
scoring_system epss
scoring_elements 0.68847
published_at 2026-04-12T12:55:00Z
9
value 0.00577
scoring_system epss
scoring_elements 0.68818
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47780
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530
reference_id 1106530
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530
3
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2
reference_id GHSA-c7p6-7mvq-8jq2
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:24:44Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2
fixed_packages
0
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1
1
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1
aliases CVE-2025-47780
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2qjc-yspn-xydj
2
url VCID-43ff-97jw-hkce
vulnerability_id VCID-43ff-97jw-hkce
summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-1131
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.13834
published_at 2026-04-18T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.1384
published_at 2026-04-16T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.14083
published_at 2026-04-02T12:55:00Z
3
value 0.00045
scoring_system epss
scoring_elements 0.14137
published_at 2026-04-04T12:55:00Z
4
value 0.00045
scoring_system epss
scoring_elements 0.13943
published_at 2026-04-07T12:55:00Z
5
value 0.00045
scoring_system epss
scoring_elements 0.14025
published_at 2026-04-08T12:55:00Z
6
value 0.00045
scoring_system epss
scoring_elements 0.14078
published_at 2026-04-09T12:55:00Z
7
value 0.00045
scoring_system epss
scoring_elements 0.14023
published_at 2026-04-11T12:55:00Z
8
value 0.00045
scoring_system epss
scoring_elements 0.13986
published_at 2026-04-12T12:55:00Z
9
value 0.00045
scoring_system epss
scoring_elements 0.13936
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-1131
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1131
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1131
2
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp
reference_id GHSA-v9q8-9j8m-5xwp
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/V:C/RE:H/U:Amber
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-24T03:55:15Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp
3
reference_url https://security.gentoo.org/glsa/202601-04
reference_id GLSA-202601-04
reference_type
scores
url https://security.gentoo.org/glsa/202601-04
fixed_packages
0
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1
1
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1
aliases CVE-2025-1131
risk_score 3.1
exploitability 0.5
weighted_severity 6.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43ff-97jw-hkce
3
url VCID-63fe-saga-13ct
vulnerability_id VCID-63fe-saga-13ct
summary Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54995
reference_id
reference_type
scores
0
value 0.00991
scoring_system epss
scoring_elements 0.76862
published_at 2026-04-04T12:55:00Z
1
value 0.00991
scoring_system epss
scoring_elements 0.76935
published_at 2026-04-18T12:55:00Z
2
value 0.00991
scoring_system epss
scoring_elements 0.7693
published_at 2026-04-16T12:55:00Z
3
value 0.00991
scoring_system epss
scoring_elements 0.76889
published_at 2026-04-13T12:55:00Z
4
value 0.00991
scoring_system epss
scoring_elements 0.76894
published_at 2026-04-12T12:55:00Z
5
value 0.00991
scoring_system epss
scoring_elements 0.76914
published_at 2026-04-11T12:55:00Z
6
value 0.00991
scoring_system epss
scoring_elements 0.76886
published_at 2026-04-09T12:55:00Z
7
value 0.00991
scoring_system epss
scoring_elements 0.76876
published_at 2026-04-08T12:55:00Z
8
value 0.00991
scoring_system epss
scoring_elements 0.76844
published_at 2026-04-07T12:55:00Z
9
value 0.01038
scoring_system epss
scoring_elements 0.77363
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54995
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54995
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54995
2
reference_url https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9
reference_id 0278f5bde14565c6838a6ec39bc21aee0cde56a9
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/
url https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9
3
reference_url https://github.com/asterisk/asterisk/pull/1405
reference_id 1405
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/
url https://github.com/asterisk/asterisk/pull/1405
4
reference_url https://github.com/asterisk/asterisk/pull/1406
reference_id 1406
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/
url https://github.com/asterisk/asterisk/pull/1406
5
reference_url https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d
reference_id eafcd7a451dcd007dddf324ac37dd55a4808338d
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/
url https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d
6
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2
reference_id GHSA-557q-795j-wfx2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2
fixed_packages
0
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1
1
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1
aliases CVE-2025-54995
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63fe-saga-13ct
4
url VCID-8kjy-xtm2-bqan
vulnerability_id VCID-8kjy-xtm2-bqan
summary Asterisk: Asterisk: Local file disclosure via unsafe XML parsing
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23739.json
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23739.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23739
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.14927
published_at 2026-04-02T12:55:00Z
1
value 0.00048
scoring_system epss
scoring_elements 0.14898
published_at 2026-04-08T12:55:00Z
2
value 0.00048
scoring_system epss
scoring_elements 0.14948
published_at 2026-04-09T12:55:00Z
3
value 0.00048
scoring_system epss
scoring_elements 0.14913
published_at 2026-04-11T12:55:00Z
4
value 0.00048
scoring_system epss
scoring_elements 0.14875
published_at 2026-04-12T12:55:00Z
5
value 0.00048
scoring_system epss
scoring_elements 0.14816
published_at 2026-04-13T12:55:00Z
6
value 0.00048
scoring_system epss
scoring_elements 0.15004
published_at 2026-04-04T12:55:00Z
7
value 0.00048
scoring_system epss
scoring_elements 0.14808
published_at 2026-04-07T12:55:00Z
8
value 0.00055
scoring_system epss
scoring_elements 0.17345
published_at 2026-04-16T12:55:00Z
9
value 0.00055
scoring_system epss
scoring_elements 0.17353
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23739
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23739
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23739
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
reference_id 1127438
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2437909
reference_id 2437909
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2437909
5
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42
reference_id GHSA-85x7-54wr-vh42
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:36:34Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42
fixed_packages
0
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1
1
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1
aliases CVE-2026-23739
risk_score 0.9
exploitability 0.5
weighted_severity 1.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8kjy-xtm2-bqan
5
url VCID-9u4p-wdky-a3h1
vulnerability_id VCID-9u4p-wdky-a3h1
summary Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42365
reference_id
reference_type
scores
0
value 0.3195
scoring_system epss
scoring_elements 0.96795
published_at 2026-04-02T12:55:00Z
1
value 0.3195
scoring_system epss
scoring_elements 0.96822
published_at 2026-04-18T12:55:00Z
2
value 0.3195
scoring_system epss
scoring_elements 0.96819
published_at 2026-04-16T12:55:00Z
3
value 0.3195
scoring_system epss
scoring_elements 0.96812
published_at 2026-04-13T12:55:00Z
4
value 0.3195
scoring_system epss
scoring_elements 0.9681
published_at 2026-04-09T12:55:00Z
5
value 0.3195
scoring_system epss
scoring_elements 0.96809
published_at 2026-04-08T12:55:00Z
6
value 0.3195
scoring_system epss
scoring_elements 0.96801
published_at 2026-04-07T12:55:00Z
7
value 0.3195
scoring_system epss
scoring_elements 0.96796
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42365
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574
reference_id 1078574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574
3
reference_url https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
reference_id 42a2f4ccfa2c7062a15063e765916b3332e34cc4
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
4
reference_url https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
reference_id 7a0090325bfa9d778a39ae5f7d0a98109e4651c8
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
5
reference_url https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71
reference_id b4063bf756272254b160b6d1bd6e9a3f8e16cc71
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71
6
reference_url https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993
reference_id bbe68db10ab8a80c29db383e4dfe14f6eafaf993
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993
7
reference_url https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2
reference_id faddd99f2b9408b524e5eb8a01589fe1fa282df2
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2
8
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44
reference_id GHSA-c4cg-9275-6w44
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44
9
reference_url https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426
reference_id manager.c#L6426
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426
10
reference_url https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426
reference_id manager.c#L6426
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426
fixed_packages
0
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1
1
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1
aliases CVE-2024-42365
risk_score 10.0
exploitability 2.0
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9u4p-wdky-a3h1
6
url VCID-gy3u-c6dc-sbbn
vulnerability_id VCID-gy3u-c6dc-sbbn
summary An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53566
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.15396
published_at 2026-04-18T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.15567
published_at 2026-04-11T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.1553
published_at 2026-04-12T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.15466
published_at 2026-04-13T12:55:00Z
4
value 0.0005
scoring_system epss
scoring_elements 0.15391
published_at 2026-04-16T12:55:00Z
5
value 0.0005
scoring_system epss
scoring_elements 0.15594
published_at 2026-04-02T12:55:00Z
6
value 0.0005
scoring_system epss
scoring_elements 0.15662
published_at 2026-04-04T12:55:00Z
7
value 0.0005
scoring_system epss
scoring_elements 0.15461
published_at 2026-04-07T12:55:00Z
8
value 0.0005
scoring_system epss
scoring_elements 0.15548
published_at 2026-04-08T12:55:00Z
9
value 0.0005
scoring_system epss
scoring_elements 0.15603
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53566
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566
2
reference_url https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616
reference_id e7c0f44ffb38c00320aa1a6d98bee616
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/
url https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616
3
reference_url https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556
reference_id manager.c#L2556
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/
url https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556
fixed_packages
0
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1
1
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1
aliases CVE-2024-53566
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gy3u-c6dc-sbbn
7
url VCID-phb4-xaj7-byg2
vulnerability_id VCID-phb4-xaj7-byg2
summary Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debug_tools.conf file following bash semantics and it being loaded, an attacker with write permissions may add or modify the file such that when the root ast_coredumper is run, it would source and thereby execute arbitrary bash code found in the /etc/asterisk/ast_debug_tools.conf. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23741
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.1028
published_at 2026-04-02T12:55:00Z
1
value 0.00035
scoring_system epss
scoring_elements 0.10381
published_at 2026-04-09T12:55:00Z
2
value 0.00035
scoring_system epss
scoring_elements 0.10412
published_at 2026-04-11T12:55:00Z
3
value 0.00035
scoring_system epss
scoring_elements 0.10373
published_at 2026-04-12T12:55:00Z
4
value 0.00035
scoring_system epss
scoring_elements 0.10351
published_at 2026-04-13T12:55:00Z
5
value 0.00035
scoring_system epss
scoring_elements 0.10347
published_at 2026-04-04T12:55:00Z
6
value 0.00035
scoring_system epss
scoring_elements 0.10245
published_at 2026-04-07T12:55:00Z
7
value 0.00035
scoring_system epss
scoring_elements 0.10319
published_at 2026-04-08T12:55:00Z
8
value 0.00041
scoring_system epss
scoring_elements 0.12244
published_at 2026-04-18T12:55:00Z
9
value 0.00041
scoring_system epss
scoring_elements 0.12246
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23741
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23741
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23741
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
reference_id 1127438
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
3
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3
reference_id GHSA-rvch-3jmx-3jf3
reference_type
scores
0
value 0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:22:49Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3
fixed_packages
0
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1
1
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1
aliases CVE-2026-23741
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-phb4-xaj7-byg2
8
url VCID-qcqe-63ev-f7gv
vulnerability_id VCID-qcqe-63ev-f7gv
summary Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42491
reference_id
reference_type
scores
0
value 0.00963
scoring_system epss
scoring_elements 0.76565
published_at 2026-04-11T12:55:00Z
1
value 0.00963
scoring_system epss
scoring_elements 0.76584
published_at 2026-04-18T12:55:00Z
2
value 0.00963
scoring_system epss
scoring_elements 0.7658
published_at 2026-04-16T12:55:00Z
3
value 0.00963
scoring_system epss
scoring_elements 0.76545
published_at 2026-04-12T12:55:00Z
4
value 0.00963
scoring_system epss
scoring_elements 0.76484
published_at 2026-04-02T12:55:00Z
5
value 0.00963
scoring_system epss
scoring_elements 0.76513
published_at 2026-04-04T12:55:00Z
6
value 0.00963
scoring_system epss
scoring_elements 0.76496
published_at 2026-04-07T12:55:00Z
7
value 0.00963
scoring_system epss
scoring_elements 0.76528
published_at 2026-04-08T12:55:00Z
8
value 0.00963
scoring_system epss
scoring_elements 0.76539
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42491
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491
2
reference_url https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
reference_id 42a2f4ccfa2c7062a15063e765916b3332e34cc4
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
3
reference_url https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742
reference_id 4f01669c7c41c9184f3cce9a3cf1b2ebf6201742
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742
4
reference_url https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2
reference_id 50bf8d4d3064930d28ecf1ce3397b14574d514d2
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2
5
reference_url https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
reference_id 7a0090325bfa9d778a39ae5f7d0a98109e4651c8
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
6
reference_url https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0
reference_id a15050650abf09c10a3c135fab148220cd41d3a0
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0
7
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9
reference_id GHSA-v428-g3cw-7hv9
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9
fixed_packages
0
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1
1
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1
aliases CVE-2024-42491
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qcqe-63ev-f7gv
9
url VCID-r54j-ydjm-4uca
vulnerability_id VCID-r54j-ydjm-4uca
summary Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privileged user who has the ability to manage the configuration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-57520
reference_id
reference_type
scores
0
value 0.03515
scoring_system epss
scoring_elements 0.87649
published_at 2026-04-18T12:55:00Z
1
value 0.03515
scoring_system epss
scoring_elements 0.8763
published_at 2026-04-09T12:55:00Z
2
value 0.03515
scoring_system epss
scoring_elements 0.87641
published_at 2026-04-11T12:55:00Z
3
value 0.03515
scoring_system epss
scoring_elements 0.87636
published_at 2026-04-12T12:55:00Z
4
value 0.03515
scoring_system epss
scoring_elements 0.87634
published_at 2026-04-13T12:55:00Z
5
value 0.03515
scoring_system epss
scoring_elements 0.87588
published_at 2026-04-02T12:55:00Z
6
value 0.03515
scoring_system epss
scoring_elements 0.87601
published_at 2026-04-04T12:55:00Z
7
value 0.03515
scoring_system epss
scoring_elements 0.87604
published_at 2026-04-07T12:55:00Z
8
value 0.03515
scoring_system epss
scoring_elements 0.87624
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-57520
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57520
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57520
2
reference_url https://github.com/asterisk/asterisk/issues/1122
reference_id 1122
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T15:16:16Z/
url https://github.com/asterisk/asterisk/issues/1122
3
reference_url https://gist.github.com/hyp164D1/ae76ab25acfbe263b2ed7b24b6e5c621
reference_id ae76ab25acfbe263b2ed7b24b6e5c621
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T15:16:16Z/
url https://gist.github.com/hyp164D1/ae76ab25acfbe263b2ed7b24b6e5c621
fixed_packages
0
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1
1
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1
aliases CVE-2024-57520
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r54j-ydjm-4uca
10
url VCID-u91b-9huy-43hn
vulnerability_id VCID-u91b-9huy-43hn
summary Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages that can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47779
reference_id
reference_type
scores
0
value 0.00279
scoring_system epss
scoring_elements 0.51374
published_at 2026-04-18T12:55:00Z
1
value 0.00279
scoring_system epss
scoring_elements 0.51338
published_at 2026-04-12T12:55:00Z
2
value 0.00279
scoring_system epss
scoring_elements 0.51324
published_at 2026-04-13T12:55:00Z
3
value 0.00279
scoring_system epss
scoring_elements 0.51367
published_at 2026-04-16T12:55:00Z
4
value 0.00279
scoring_system epss
scoring_elements 0.51279
published_at 2026-04-02T12:55:00Z
5
value 0.00279
scoring_system epss
scoring_elements 0.51304
published_at 2026-04-04T12:55:00Z
6
value 0.00279
scoring_system epss
scoring_elements 0.51264
published_at 2026-04-07T12:55:00Z
7
value 0.00279
scoring_system epss
scoring_elements 0.51319
published_at 2026-04-08T12:55:00Z
8
value 0.00279
scoring_system epss
scoring_elements 0.51316
published_at 2026-04-09T12:55:00Z
9
value 0.00279
scoring_system epss
scoring_elements 0.51359
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47779
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528
reference_id 1106528
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528
3
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw
reference_id GHSA-2grh-7mhv-fcfw
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw
4
reference_url https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample
reference_id pjsip.conf.sample
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/
url https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample
fixed_packages
0
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1
1
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1
aliases CVE-2025-47779
risk_score 3.5
exploitability 0.5
weighted_severity 6.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u91b-9huy-43hn
11
url VCID-ytty-tbs1-ffc7
vulnerability_id VCID-ytty-tbs1-ffc7
summary Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user-supplied/controlled values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. The endpoint at GET /httpstatus is the potentially vulnerable endpoint relating to asterisk/main/http.c. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23738
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13683
published_at 2026-04-02T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.13678
published_at 2026-04-09T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13648
published_at 2026-04-11T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.13611
published_at 2026-04-12T12:55:00Z
4
value 0.00044
scoring_system epss
scoring_elements 0.13564
published_at 2026-04-13T12:55:00Z
5
value 0.00044
scoring_system epss
scoring_elements 0.13745
published_at 2026-04-04T12:55:00Z
6
value 0.00044
scoring_system epss
scoring_elements 0.13546
published_at 2026-04-07T12:55:00Z
7
value 0.00044
scoring_system epss
scoring_elements 0.13627
published_at 2026-04-08T12:55:00Z
8
value 0.00051
scoring_system epss
scoring_elements 0.15831
published_at 2026-04-18T12:55:00Z
9
value 0.00051
scoring_system epss
scoring_elements 0.15817
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23738
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23738
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23738
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
reference_id 1127438
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
3
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh
reference_id GHSA-v6hp-wh3r-cwxh
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:43:40Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh
fixed_packages
0
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1
1
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1
aliases CVE-2026-23738
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ytty-tbs1-ffc7
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1