Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
Typedeb
Namespacedebian
Nameasterisk
Version1:16.28.0~dfsg-0+deb11u4
Qualifiers
distro sid
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0
Latest_non_vulnerable_version1:22.9.0+dfsg+~cs6.16.60671434-1
Affected_by_vulnerabilities
0
url VCID-gh5j-yza2-v3fu
vulnerability_id VCID-gh5j-yza2-v3fu
summary Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privileged user who has the ability to manage the configuration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-57520
reference_id
reference_type
scores
0
value 0.03515
scoring_system epss
scoring_elements 0.87834
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-57520
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57520
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57520
2
reference_url https://github.com/asterisk/asterisk/issues/1122
reference_id 1122
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T15:16:16Z/
url https://github.com/asterisk/asterisk/issues/1122
3
reference_url https://gist.github.com/hyp164D1/ae76ab25acfbe263b2ed7b24b6e5c621
reference_id ae76ab25acfbe263b2ed7b24b6e5c621
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T15:16:16Z/
url https://gist.github.com/hyp164D1/ae76ab25acfbe263b2ed7b24b6e5c621
fixed_packages
0
url pkg:deb/debian/asterisk@1:22.3.0~dfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.3.0~dfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.3.0~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2024-57520
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gh5j-yza2-v3fu
Fixing_vulnerabilities
0
url VCID-16jk-y7k8-j7be
vulnerability_id VCID-16jk-y7k8-j7be
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-15639
reference_id
reference_type
scores
0
value 0.06064
scoring_system epss
scoring_elements 0.90879
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-15639
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2019-15639
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-16jk-y7k8-j7be
1
url VCID-1ge4-qj69-5uhf
vulnerability_id VCID-1ge4-qj69-5uhf
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42705
reference_id
reference_type
scores
0
value 0.01516
scoring_system epss
scoring_elements 0.81524
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42705
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://downloads.asterisk.org/pub/security/AST-2022-008.html
reference_id AST-2022-008.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/
url https://downloads.asterisk.org/pub/security/AST-2022-008.html
10
reference_url https://www.debian.org/security/2023/dsa-5358
reference_id dsa-5358
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/
url https://www.debian.org/security/2023/dsa-5358
11
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
12
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
reference_id msg00029.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.0.1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-42705
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ge4-qj69-5uhf
2
url VCID-1kgt-fs6d-fyfd
vulnerability_id VCID-1kgt-fs6d-fyfd
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23547
reference_id
reference_type
scores
0
value 0.00395
scoring_system epss
scoring_elements 0.60649
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23547
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
reference_id 1032092
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
10
reference_url https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36
reference_id bc4812d31a67d5e2f973fbfaf950d6118226cf36
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/
url https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36
11
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
reference_id GHSA-9pfh-r8x4-w26w
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
12
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr
reference_id GHSA-cxwq-5g9x-x7fr
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr
13
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
14
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.4.0~dfsg%2B~cs6.13.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.4.0~dfsg%2B~cs6.13.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.4.0~dfsg%252B~cs6.13.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-23547
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1kgt-fs6d-fyfd
3
url VCID-1qv8-5g7m-9faq
vulnerability_id VCID-1qv8-5g7m-9faq
summary In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14098
reference_id
reference_type
scores
0
value 0.40123
scoring_system epss
scoring_elements 0.97404
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14098
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14098
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14098
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873909
reference_id 873909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873909
3
reference_url https://security.gentoo.org/glsa/201710-29
reference_id GLSA-201710-29
reference_type
scores
url https://security.gentoo.org/glsa/201710-29
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.17.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.17.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.17.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2017-14098
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1qv8-5g7m-9faq
4
url VCID-1xch-hgev-7ugp
vulnerability_id VCID-1xch-hgev-7ugp
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49294
reference_id
reference_type
scores
0
value 0.17085
scoring_system epss
scoring_elements 0.95106
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49294
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032
reference_id 1059032
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032
6
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:20.5.1~dfsg%2B~cs6.13.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.5.1~dfsg%2B~cs6.13.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.5.1~dfsg%252B~cs6.13.40431414-1%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2023-49294
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xch-hgev-7ugp
5
url VCID-23bk-txpw-dugx
vulnerability_id VCID-23bk-txpw-dugx
summary Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7617
reference_id
reference_type
scores
0
value 0.22039
scoring_system epss
scoring_elements 0.95877
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7617
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7617
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7617
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859910
reference_id 859910
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859910
3
reference_url https://usn.ubuntu.com/USN-4814-1/
reference_id USN-USN-4814-1
reference_type
scores
url https://usn.ubuntu.com/USN-4814-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.14.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.14.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2017-7617
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23bk-txpw-dugx
6
url VCID-27vm-xs6e-qbcu
vulnerability_id VCID-27vm-xs6e-qbcu
summary chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-4063
reference_id
reference_type
scores
0
value 0.06434
scoring_system epss
scoring_elements 0.91197
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-4063
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4063
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4063
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647252
reference_id 647252
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647252
3
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.7.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.7.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.7.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-4063
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-27vm-xs6e-qbcu
7
url VCID-2958-ba68-zber
vulnerability_id VCID-2958-ba68-zber
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24786
reference_id
reference_type
scores
0
value 0.00738
scoring_system epss
scoring_elements 0.73168
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24786
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
reference_id 1014976
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
22
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
url https://security.gentoo.org/glsa/202210-37
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%2B~cs6.12.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%2B~cs6.12.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-24786
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2958-ba68-zber
8
url VCID-2fgw-f9ej-2khk
vulnerability_id VCID-2fgw-f9ej-2khk
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14100
reference_id
reference_type
scores
0
value 0.33558
scoring_system epss
scoring_elements 0.97014
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14100
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873908
reference_id 873908
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873908
4
reference_url https://security.gentoo.org/glsa/201710-29
reference_id GLSA-201710-29
reference_type
scores
url https://security.gentoo.org/glsa/201710-29
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.17.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.17.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.17.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2017-14100
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fgw-f9ej-2khk
9
url VCID-2gyd-ta4s-nuhq
vulnerability_id VCID-2gyd-ta4s-nuhq
summary chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2948
reference_id
reference_type
scores
0
value 0.03932
scoring_system epss
scoring_elements 0.88522
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2948
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2948
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2948
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675210
reference_id 675210
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675210
3
reference_url https://security.gentoo.org/glsa/201206-05
reference_id GLSA-201206-05
reference_type
scores
url https://security.gentoo.org/glsa/201206-05
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.13.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.13.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2012-2948
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2gyd-ta4s-nuhq
10
url VCID-2n6j-2vwn-23cu
vulnerability_id VCID-2n6j-2vwn-23cu
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42491
reference_id
reference_type
scores
0
value 0.00963
scoring_system epss
scoring_elements 0.76833
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42491
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491
2
reference_url https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
reference_id 42a2f4ccfa2c7062a15063e765916b3332e34cc4
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
3
reference_url https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742
reference_id 4f01669c7c41c9184f3cce9a3cf1b2ebf6201742
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742
4
reference_url https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2
reference_id 50bf8d4d3064930d28ecf1ce3397b14574d514d2
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2
5
reference_url https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
reference_id 7a0090325bfa9d778a39ae5f7d0a98109e4651c8
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
6
reference_url https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0
reference_id a15050650abf09c10a3c135fab148220cd41d3a0
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0
7
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9
reference_id GHSA-v428-g3cw-7hv9
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u5?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u5?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u5%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.9.3~dfsg%2B~cs6.14.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.9.3~dfsg%2B~cs6.14.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.9.3~dfsg%252B~cs6.14.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2024-42491
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2n6j-2vwn-23cu
11
url VCID-2u8a-413w-eufb
vulnerability_id VCID-2u8a-413w-eufb
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14603
reference_id
reference_type
scores
0
value 0.00747
scoring_system epss
scoring_elements 0.73378
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14603
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14603
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14603
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876328
reference_id 876328
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876328
3
reference_url https://security.gentoo.org/glsa/201710-29
reference_id GLSA-201710-29
reference_type
scores
url https://security.gentoo.org/glsa/201710-29
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.17.2~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.17.2~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.17.2~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2017-14603
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2u8a-413w-eufb
12
url VCID-2xxf-t9ck-a7dj
vulnerability_id VCID-2xxf-t9ck-a7dj
summary Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-5444
reference_id
reference_type
scores
0
value 0.87055
scoring_system epss
scoring_elements 0.99455
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-5444
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5444
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5444
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=395080
reference_id 395080
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=395080
3
reference_url https://security.gentoo.org/glsa/200610-15
reference_id GLSA-200610-15
reference_type
scores
url https://security.gentoo.org/glsa/200610-15
4
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/2597.pl
reference_id OSVDB-29972;CVE-2006-5444
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/2597.pl
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.2.13~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.2.13~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.13~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2006-5444
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xxf-t9ck-a7dj
13
url VCID-2z7b-d497-jbb6
vulnerability_id VCID-2z7b-d497-jbb6
summary The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-3264
reference_id
reference_type
scores
0
value 0.07458
scoring_system epss
scoring_elements 0.9188
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-3264
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3264
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3264
2
reference_url https://security.gentoo.org/glsa/200905-01
reference_id GLSA-200905-01
reference_type
scores
url https://security.gentoo.org/glsa/200905-01
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.21.2~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.21.2~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.21.2~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2008-3264
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2z7b-d497-jbb6
14
url VCID-2znv-h5e5-83ba
vulnerability_id VCID-2znv-h5e5-83ba
summary chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2536
reference_id
reference_type
scores
0
value 0.00187
scoring_system epss
scoring_elements 0.40346
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2536
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2536
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2536
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632029
reference_id 632029
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632029
3
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.4.4~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.4.4~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.4.4~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-2536
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2znv-h5e5-83ba
15
url VCID-35pt-pmnz-d7ah
vulnerability_id VCID-35pt-pmnz-d7ah
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12227
reference_id
reference_type
scores
0
value 0.0106
scoring_system epss
scoring_elements 0.77934
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12227
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902954
reference_id 902954
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902954
6
reference_url https://security.gentoo.org/glsa/201811-11
reference_id GLSA-201811-11
reference_type
scores
url https://security.gentoo.org/glsa/201811-11
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.22.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.22.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.22.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2018-12227
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-35pt-pmnz-d7ah
16
url VCID-3ary-4n7t-4uat
vulnerability_id VCID-3ary-4n7t-4uat
summary asterisk: HTTP Manager ID is predictable (AST-2008-005)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1390.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1390.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-1390
reference_id
reference_type
scores
0
value 0.03015
scoring_system epss
scoring_elements 0.86833
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-1390
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1390
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1390
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=438131
reference_id 438131
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=438131
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2008-1390
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ary-4n7t-4uat
17
url VCID-3j5q-cg6c-37ca
vulnerability_id VCID-3j5q-cg6c-37ca
summary The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2666
reference_id
reference_type
scores
0
value 0.0059
scoring_system epss
scoring_elements 0.69494
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2666
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2666
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2666
2
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-2666
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3j5q-cg6c-37ca
18
url VCID-3qtt-h73s-afed
vulnerability_id VCID-3qtt-h73s-afed
summary chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2947
reference_id
reference_type
scores
0
value 0.04301
scoring_system epss
scoring_elements 0.89045
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2947
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2947
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2947
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675204
reference_id 675204
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675204
3
reference_url https://security.gentoo.org/glsa/201206-05
reference_id GLSA-201206-05
reference_type
scores
url https://security.gentoo.org/glsa/201206-05
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.13.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.13.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2012-2947
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3qtt-h73s-afed
19
url VCID-3sq8-pd6a-s7gk
vulnerability_id VCID-3sq8-pd6a-s7gk
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43804
reference_id
reference_type
scores
0
value 0.003
scoring_system epss
scoring_elements 0.53588
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43804
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id 1014998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
22
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
url https://security.gentoo.org/glsa/202210-37
23
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.12.0~dfsg%2B~cs6.12.40431413-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.12.0~dfsg%2B~cs6.12.40431413-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.12.0~dfsg%252B~cs6.12.40431413-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2021-43804
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3sq8-pd6a-s7gk
20
url VCID-3sxs-zzug-e3dd
vulnerability_id VCID-3sxs-zzug-e3dd
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27585
reference_id
reference_type
scores
0
value 0.00495
scoring_system epss
scoring_elements 0.66037
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27585
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27585
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27585
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036697
reference_id 1036697
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036697
3
reference_url https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5
reference_id d1c5e4da5bae7f220bc30719888bb389c905c0c5
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/
url https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5
4
reference_url https://www.debian.org/security/2023/dsa-5438
reference_id dsa-5438
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/
url https://www.debian.org/security/2023/dsa-5438
5
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
reference_id GHSA-p6g5-v97c-w5q4
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
6
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr
reference_id GHSA-q9cp-8wcq-7pfr
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr
7
reference_url https://security.gentoo.org/glsa/202409-05
reference_id GLSA-202409-05
reference_type
scores
url https://security.gentoo.org/glsa/202409-05
8
reference_url https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm
reference_id group__PJ__DNS__RESOLVER.htm
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/
url https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm
9
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html
reference_id msg00020.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html
10
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
11
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
12
reference_url https://usn.ubuntu.com/6422-2/
reference_id USN-6422-2
reference_type
scores
url https://usn.ubuntu.com/6422-2/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.4.0~dfsg%2B~cs6.13.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.4.0~dfsg%2B~cs6.13.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.4.0~dfsg%252B~cs6.13.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2023-27585
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3sxs-zzug-e3dd
21
url VCID-4278-jnsa-byd6
vulnerability_id VCID-4278-jnsa-byd6
summary The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-1561
reference_id
reference_type
scores
0
value 0.20671
scoring_system epss
scoring_elements 0.95688
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-1561
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1561
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1561
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415466
reference_id 415466
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415466
3
reference_url https://security.gentoo.org/glsa/200704-01
reference_id GLSA-200704-01
reference_type
scores
url https://security.gentoo.org/glsa/200704-01
4
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/3566.pl
reference_id OSVDB-34479;CVE-2007-1561
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/3566.pl
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.2~dfsg-5?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.2~dfsg-5?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.2~dfsg-5%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-1561
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4278-jnsa-byd6
22
url VCID-4apf-xu3j-puaz
vulnerability_id VCID-4apf-xu3j-puaz
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-26713
reference_id
reference_type
scores
0
value 0.00212
scoring_system epss
scoring_elements 0.43709
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-26713
1
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2021-26713
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4apf-xu3j-puaz
23
url VCID-4fy9-fsdz-vydu
vulnerability_id VCID-4fy9-fsdz-vydu
summary ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-8414
reference_id
reference_type
scores
0
value 0.01902
scoring_system epss
scoring_elements 0.83551
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-8414
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8414
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8414
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463
reference_id 771463
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463
3
reference_url https://security.gentoo.org/glsa/201412-51
reference_id GLSA-201412-51
reference_type
scores
url https://security.gentoo.org/glsa/201412-51
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-8414
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4fy9-fsdz-vydu
24
url VCID-4kz7-yjas-sbc7
vulnerability_id VCID-4kz7-yjas-sbc7
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24792
reference_id
reference_type
scores
0
value 0.01612
scoring_system epss
scoring_elements 0.82077
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24792
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
reference_id 1014976
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
22
reference_url https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213
reference_id 947bc1ee6d05be10204b918df75a503415fd3213
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/
url https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213
23
reference_url https://www.debian.org/security/2022/dsa-5285
reference_id dsa-5285
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/
url https://www.debian.org/security/2022/dsa-5285
24
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799
reference_id GHSA-rwgw-vwxg-q799
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799
25
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/
url https://security.gentoo.org/glsa/202210-37
26
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
reference_id msg00021.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/
url https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
27
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html
reference_id msg00047.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/
url https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%2B~cs6.12.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%2B~cs6.12.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-24792
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4kz7-yjas-sbc7
25
url VCID-4x41-u9ak-xkee
vulnerability_id VCID-4x41-u9ak-xkee
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12827
reference_id
reference_type
scores
0
value 0.1959
scoring_system epss
scoring_elements 0.95515
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12827
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12827
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931980
reference_id 931980
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931980
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.2.1~dfsg-2?distro=sid
purl pkg:deb/debian/asterisk@1:16.2.1~dfsg-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2019-12827
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4x41-u9ak-xkee
26
url VCID-52sm-w418-dfb3
vulnerability_id VCID-52sm-w418-dfb3
summary several
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-5642
reference_id
reference_type
scores
0
value 0.05078
scoring_system epss
scoring_elements 0.8994
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-5642
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5641
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5642
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5642
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721220
reference_id 721220
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721220
4
reference_url https://security.gentoo.org/glsa/201401-15
reference_id GLSA-201401-15
reference_type
scores
url https://security.gentoo.org/glsa/201401-15
fixed_packages
0
url pkg:deb/debian/asterisk@1:11.5.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:11.5.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.5.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2013-5642
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-52sm-w418-dfb3
27
url VCID-58dv-5kdf-nka1
vulnerability_id VCID-58dv-5kdf-nka1
summary An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9937
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.5715
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9937
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2016-9937
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58dv-5kdf-nka1
28
url VCID-59nk-y2rx-jbhf
vulnerability_id VCID-59nk-y2rx-jbhf
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14099
reference_id
reference_type
scores
0
value 0.00368
scoring_system epss
scoring_elements 0.58955
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14099
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873907
reference_id 873907
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873907
4
reference_url https://security.gentoo.org/glsa/201710-29
reference_id GLSA-201710-29
reference_type
scores
url https://security.gentoo.org/glsa/201710-29
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.17.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.17.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.17.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2017-14099
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-59nk-y2rx-jbhf
29
url VCID-5myw-m4jg-1few
vulnerability_id VCID-5myw-m4jg-1few
summary Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-2119
reference_id
reference_type
scores
0
value 0.10134
scoring_system epss
scoring_elements 0.93222
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-2119
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2119
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2119
2
reference_url https://security.gentoo.org/glsa/200905-01
reference_id GLSA-200905-01
reference_type
scores
url https://security.gentoo.org/glsa/200905-01
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/5749.pl
reference_id OSVDB-46014;CVE-2008-2119
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/5749.pl
fixed_packages
0
url pkg:deb/debian/asterisk@1.4?distro=sid
purl pkg:deb/debian/asterisk@1.4?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1.4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2008-2119
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5myw-m4jg-1few
30
url VCID-5qst-5wmy-8fhy
vulnerability_id VCID-5qst-5wmy-8fhy
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-37325
reference_id
reference_type
scores
0
value 0.0068
scoring_system epss
scoring_elements 0.71922
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-37325
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://downloads.asterisk.org/pub/security/AST-2022-007.html
reference_id AST-2022-007.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/
url https://downloads.asterisk.org/pub/security/AST-2022-007.html
10
reference_url https://www.debian.org/security/2023/dsa-5358
reference_id dsa-5358
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/
url https://www.debian.org/security/2023/dsa-5358
11
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
12
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
reference_id msg00029.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.0.1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-37325
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qst-5wmy-8fhy
31
url VCID-5z33-txfx-6bce
vulnerability_id VCID-5z33-txfx-6bce
summary Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1507
reference_id
reference_type
scores
0
value 0.00147
scoring_system epss
scoring_elements 0.34786
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1507
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1507
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1507
2
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-1507
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5z33-txfx-6bce
32
url VCID-62kq-8qcn-yba6
vulnerability_id VCID-62kq-8qcn-yba6
summary The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-2294
reference_id
reference_type
scores
0
value 0.05909
scoring_system epss
scoring_elements 0.90746
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-2294
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2294
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2294
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.3~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.3~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.3~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-2294
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-62kq-8qcn-yba6
33
url VCID-637n-um64-7bfz
vulnerability_id VCID-637n-um64-7bfz
summary asterisk: remote crash in SIP channel driver (AST-2009-002)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0871.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0871.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-0871
reference_id
reference_type
scores
0
value 0.02947
scoring_system epss
scoring_elements 0.86683
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-0871
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=489725
reference_id 489725
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=489725
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2009-0871
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-637n-um64-7bfz
34
url VCID-67xa-jnpj-87gs
vulnerability_id VCID-67xa-jnpj-87gs
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42706
reference_id
reference_type
scores
0
value 0.0081
scoring_system epss
scoring_elements 0.74527
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42706
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://downloads.asterisk.org/pub/security/AST-2022-009.html
reference_id AST-2022-009.html
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/
url https://downloads.asterisk.org/pub/security/AST-2022-009.html
10
reference_url https://www.debian.org/security/2023/dsa-5358
reference_id dsa-5358
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/
url https://www.debian.org/security/2023/dsa-5358
11
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
12
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
reference_id msg00029.html
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.0.1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-42706
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-67xa-jnpj-87gs
35
url VCID-6c2s-3d5y-xyft
vulnerability_id VCID-6c2s-3d5y-xyft
summary asterisk: SIP valid account enumeration flaw
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3903.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3903.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-3903
reference_id
reference_type
scores
0
value 0.00731
scoring_system epss
scoring_elements 0.7301
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-3903
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3903
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3903
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=461271
reference_id 461271
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=461271
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522528
reference_id 522528
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522528
5
reference_url https://security.gentoo.org/glsa/200905-01
reference_id GLSA-200905-01
reference_type
scores
url https://security.gentoo.org/glsa/200905-01
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.6.1.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.6.1.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.1.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2008-3903
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6c2s-3d5y-xyft
36
url VCID-6f27-bqb3-1bg5
vulnerability_id VCID-6f27-bqb3-1bg5
summary The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-1595
reference_id
reference_type
scores
0
value 0.00848
scoring_system epss
scoring_elements 0.75156
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-1595
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1595
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1595
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-1595
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6f27-bqb3-1bg5
37
url VCID-6f8u-n8g1-nyeg
vulnerability_id VCID-6f8u-n8g1-nyeg
summary Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-6430
reference_id
reference_type
scores
0
value 0.00659
scoring_system epss
scoring_elements 0.7142
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-6430
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6430
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6430
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457063
reference_id 457063
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457063
3
reference_url https://security.gentoo.org/glsa/200804-13
reference_id GLSA-200804-13
reference_type
scores
url https://security.gentoo.org/glsa/200804-13
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.16.2~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.16.2~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.16.2~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-6430
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6f8u-n8g1-nyeg
38
url VCID-6fm4-haca-cydr
vulnerability_id VCID-6fm4-haca-cydr
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43299
reference_id
reference_type
scores
0
value 0.00377
scoring_system epss
scoring_elements 0.59553
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43299
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id 1014998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
22
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
23
reference_url https://usn.ubuntu.com/8122-1/
reference_id USN-8122-1
reference_type
scores
url https://usn.ubuntu.com/8122-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.11.1~dfsg%2B~cs6.10.40431413-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.11.1~dfsg%2B~cs6.10.40431413-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.11.1~dfsg%252B~cs6.10.40431413-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2021-43299
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6fm4-haca-cydr
39
url VCID-6qrf-j2tj-pkbg
vulnerability_id VCID-6qrf-j2tj-pkbg
summary The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-4598
reference_id
reference_type
scores
0
value 0.00634
scoring_system epss
scoring_elements 0.70713
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-4598
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4598
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4598
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651552
reference_id 651552
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651552
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.8.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.8.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.8.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-4598
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6qrf-j2tj-pkbg
40
url VCID-6swb-auc8-pygr
vulnerability_id VCID-6swb-auc8-pygr
summary reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2665
reference_id
reference_type
scores
0
value 0.02315
scoring_system epss
scoring_elements 0.85042
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2665
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2665
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631445
reference_id 631445
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631445
3
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.4.3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.4.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.4.3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-2665
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6swb-auc8-pygr
41
url VCID-6xwa-84z9-gkdt
vulnerability_id VCID-6xwa-84z9-gkdt
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17281
reference_id
reference_type
scores
0
value 0.80258
scoring_system epss
scoring_elements 0.99142
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17281
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909554
reference_id 909554
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909554
6
reference_url https://security.gentoo.org/glsa/201811-11
reference_id GLSA-201811-11
reference_type
scores
url https://security.gentoo.org/glsa/201811-11
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.23.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.23.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.23.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2018-17281
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xwa-84z9-gkdt
42
url VCID-7bc7-k654-akby
vulnerability_id VCID-7bc7-k654-akby
summary Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-1306
reference_id
reference_type
scores
0
value 0.197
scoring_system epss
scoring_elements 0.95535
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-1306
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1306
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1306
2
reference_url https://security.gentoo.org/glsa/200703-14
reference_id GLSA-200703-14
reference_type
scores
url https://security.gentoo.org/glsa/200703-14
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/3407.c
reference_id OSVDB-33888;CVE-2007-1306
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/3407.c
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.2.16~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.2.16~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.16~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-1306
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7bc7-k654-akby
43
url VCID-7r1a-5ar4-jfcf
vulnerability_id VCID-7r1a-5ar4-jfcf
summary Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-4047
reference_id
reference_type
scores
0
value 0.03038
scoring_system epss
scoring_elements 0.86896
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-4047
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4047
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4047
2
reference_url https://security.gentoo.org/glsa/201406-25
reference_id GLSA-201406-25
reference_type
scores
url https://security.gentoo.org/glsa/201406-25
fixed_packages
0
url pkg:deb/debian/asterisk@1:11.10.2~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:11.10.2~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.10.2~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-4047
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7r1a-5ar4-jfcf
44
url VCID-7uxm-rubg-mbdq
vulnerability_id VCID-7uxm-rubg-mbdq
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39269
reference_id
reference_type
scores
0
value 0.0017
scoring_system epss
scoring_elements 0.37917
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39269
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
reference_id 1032092
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
10
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
url https://security.gentoo.org/glsa/202210-37
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.3.0~dfsg%2B~cs6.13.40431413-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.3.0~dfsg%2B~cs6.13.40431413-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.3.0~dfsg%252B~cs6.13.40431413-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-39269
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7uxm-rubg-mbdq
45
url VCID-8e1f-41mn-3bh4
vulnerability_id VCID-8e1f-41mn-3bh4
summary chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-0885
reference_id
reference_type
scores
0
value 0.01057
scoring_system epss
scoring_elements 0.77906
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-0885
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0885
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0885
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656596
reference_id 656596
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656596
3
reference_url https://security.gentoo.org/glsa/201202-06
reference_id GLSA-201202-06
reference_type
scores
url https://security.gentoo.org/glsa/201202-06
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.8.2~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.8.2~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.8.2~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2012-0885
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8e1f-41mn-3bh4
46
url VCID-8hf1-hkj1-vffb
vulnerability_id VCID-8hf1-hkj1-vffb
summary FrameWork: XSS Ajax requests (AST-2009-009)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7220.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7220.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-7220
reference_id
reference_type
scores
0
value 0.10024
scoring_system epss
scoring_elements 0.93184
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-7220
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=523277
reference_id 523277
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=523277
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220
reference_id 555220
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221
reference_id 555221
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555242
reference_id 555242
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555242
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555244
reference_id 555244
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555244
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250
reference_id 555250
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255
reference_id 555255
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555259
reference_id 555259
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555259
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555266
reference_id 555266
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555266
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977
reference_id 558977
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977
13
reference_url https://security.gentoo.org/glsa/201006-20
reference_id GLSA-201006-20
reference_type
scores
url https://security.gentoo.org/glsa/201006-20
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.6.2.0~rc3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.6.2.0~rc3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.0~rc3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2008-7220
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8hf1-hkj1-vffb
47
url VCID-8j3f-r3ze-yygu
vulnerability_id VCID-8j3f-r3ze-yygu
summary The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-4048
reference_id
reference_type
scores
0
value 0.01637
scoring_system epss
scoring_elements 0.82234
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-4048
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-4048
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8j3f-r3ze-yygu
48
url VCID-8t58-6hnp-dyhh
vulnerability_id VCID-8t58-6hnp-dyhh
summary Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-5558
reference_id
reference_type
scores
0
value 0.02263
scoring_system epss
scoring_elements 0.84893
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-5558
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5558
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5558
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509686
reference_id 509686
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509686
3
reference_url https://security.gentoo.org/glsa/200905-01
reference_id GLSA-200905-01
reference_type
scores
url https://security.gentoo.org/glsa/200905-01
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2008-5558
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8t58-6hnp-dyhh
49
url VCID-8vde-2bve-qfek
vulnerability_id VCID-8vde-2bve-qfek
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-35190
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.3975
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-35190
1
reference_url https://github.com/asterisk/asterisk/pull/600
reference_id 600
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/
url https://github.com/asterisk/asterisk/pull/600
2
reference_url https://github.com/asterisk/asterisk/pull/602
reference_id 602
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/
url https://github.com/asterisk/asterisk/pull/602
3
reference_url https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d
reference_id 85241bd22936cc15760fd1f65d16c98be7aeaf6d
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/
url https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d
4
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9
reference_id GHSA-qqxj-v78h-hrf9
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2024-35190
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8vde-2bve-qfek
50
url VCID-8zwv-ea4b-1kgr
vulnerability_id VCID-8zwv-ea4b-1kgr
summary An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12228
reference_id
reference_type
scores
0
value 0.00422
scoring_system epss
scoring_elements 0.62352
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12228
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2018-12228
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zwv-ea4b-1kgr
51
url VCID-93p3-29pk-kkhm
vulnerability_id VCID-93p3-29pk-kkhm
summary Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1147
reference_id
reference_type
scores
0
value 0.0342
scoring_system epss
scoring_elements 0.8765
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1147
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1147
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614580
reference_id 614580
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614580
3
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-1147
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93p3-29pk-kkhm
52
url VCID-9a88-mws1-k3dk
vulnerability_id VCID-9a88-mws1-k3dk
summary Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-6610
reference_id
reference_type
scores
0
value 0.01519
scoring_system epss
scoring_elements 0.81541
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-6610
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6610
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6610
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762164
reference_id 762164
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762164
3
reference_url https://security.gentoo.org/glsa/201411-10
reference_id GLSA-201411-10
reference_type
scores
url https://security.gentoo.org/glsa/201411-10
fixed_packages
0
url pkg:deb/debian/asterisk@1:11.12.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:11.12.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.12.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-6610
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9a88-mws1-k3dk
53
url VCID-9bs1-zeq7-jfaa
vulnerability_id VCID-9bs1-zeq7-jfaa
summary Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1184
reference_id
reference_type
scores
0
value 0.37421
scoring_system epss
scoring_elements 0.97256
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1184
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1184
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1184
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664411
reference_id 664411
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664411
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/18855.txt
reference_id CVE-2012-1184;OSVDB-80126
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/18855.txt
4
reference_url https://security.gentoo.org/glsa/201203-21
reference_id GLSA-201203-21
reference_type
scores
url https://security.gentoo.org/glsa/201203-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.10.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.10.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.10.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2012-1184
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9bs1-zeq7-jfaa
54
url VCID-9d1k-5q7h-eygy
vulnerability_id VCID-9d1k-5q7h-eygy
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-46837
reference_id
reference_type
scores
0
value 0.00134
scoring_system epss
scoring_elements 0.3264
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-46837
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018073
reference_id 1018073
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018073
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.9.0~dfsg%2B~cs6.10.40431411-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.9.0~dfsg%2B~cs6.10.40431411-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.9.0~dfsg%252B~cs6.10.40431411-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2021-46837
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9d1k-5q7h-eygy
55
url VCID-9hy7-11uc-ekdj
vulnerability_id VCID-9hy7-11uc-ekdj
summary asterisk: remote DoS on receipt of malformed RTP text frames
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2651.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2651.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-2651
reference_id
reference_type
scores
0
value 0.00071
scoring_system epss
scoring_elements 0.2175
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-2651
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2651
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=514953
reference_id 514953
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=514953
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539473
reference_id 539473
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539473
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.6.2.0~dfsg~rc1-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.6.2.0~dfsg~rc1-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.0~dfsg~rc1-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2009-2651
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hy7-11uc-ekdj
56
url VCID-9r8k-em1c-rbep
vulnerability_id VCID-9r8k-em1c-rbep
summary An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-17850
reference_id
reference_type
scores
0
value 0.29958
scoring_system epss
scoring_elements 0.96736
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-17850
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17850
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17850
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885072
reference_id 885072
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885072
3
reference_url https://security.gentoo.org/glsa/201811-11
reference_id GLSA-201811-11
reference_type
scores
url https://security.gentoo.org/glsa/201811-11
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.18.5~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.18.5~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.18.5~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2017-17850
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9r8k-em1c-rbep
57
url VCID-9t5p-up39-2qcs
vulnerability_id VCID-9t5p-up39-2qcs
summary SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-6170
reference_id
reference_type
scores
0
value 0.00367
scoring_system epss
scoring_elements 0.58875
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-6170
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6170
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6170
2
reference_url https://security.gentoo.org/glsa/200804-13
reference_id GLSA-200804-13
reference_type
scores
url https://security.gentoo.org/glsa/200804-13
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.15~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.15~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.15~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-6170
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9t5p-up39-2qcs
58
url VCID-9zza-5utn-3bd4
vulnerability_id VCID-9zza-5utn-3bd4
summary Asterisk: Asterisk: Arbitrary code execution and file overwrite as root via insecure ast_coredumper file handling
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23740.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23740.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23740
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03943
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23740
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23740
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23740
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
reference_id 1127438
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2437723
reference_id 2437723
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2437723
5
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c
reference_id GHSA-xpc6-x892-v83c
reference_type
scores
0
value 0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-06T19:11:52Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u9?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u9?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u9%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2026-23740
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9zza-5utn-3bd4
59
url VCID-aab3-vkqd-xugq
vulnerability_id VCID-aab3-vkqd-xugq
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-26498
reference_id
reference_type
scores
0
value 0.00769
scoring_system epss
scoring_elements 0.73816
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-26498
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.11.2~dfsg%2B~cs6.10.40431413-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.11.2~dfsg%2B~cs6.10.40431413-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.11.2~dfsg%252B~cs6.10.40431413-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-26498
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aab3-vkqd-xugq
60
url VCID-ac5u-zapr-jkhv
vulnerability_id VCID-ac5u-zapr-jkhv
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43302
reference_id
reference_type
scores
0
value 0.00321
scoring_system epss
scoring_elements 0.55363
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43302
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id 1014998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
22
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
23
reference_url https://usn.ubuntu.com/8122-1/
reference_id USN-8122-1
reference_type
scores
url https://usn.ubuntu.com/8122-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.11.1~dfsg%2B~cs6.10.40431413-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.11.1~dfsg%2B~cs6.10.40431413-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.11.1~dfsg%252B~cs6.10.40431413-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2021-43302
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ac5u-zapr-jkhv
61
url VCID-afrg-g4hu-43aj
vulnerability_id VCID-afrg-g4hu-43aj
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18610
reference_id
reference_type
scores
0
value 0.41891
scoring_system epss
scoring_elements 0.97491
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18610
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18610
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18610
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947377
reference_id 947377
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947377
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.10.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:16.10.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.10.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2019-18610
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-afrg-g4hu-43aj
62
url VCID-agdf-v24e-zfcj
vulnerability_id VCID-agdf-v24e-zfcj
summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57767
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.36777
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57767
1
reference_url https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f
reference_id 02993717b08f899d4aca9888062f35dfb198584f
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:12:27Z/
url https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112470
reference_id 1112470
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112470
3
reference_url https://github.com/asterisk/asterisk/pull/1407
reference_id 1407
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:12:27Z/
url https://github.com/asterisk/asterisk/pull/1407
4
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j
reference_id GHSA-64qc-9x89-rx5j
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:12:27Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j
5
reference_url https://security.gentoo.org/glsa/202601-04
reference_id GLSA-202601-04
reference_type
scores
url https://security.gentoo.org/glsa/202601-04
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.5.2~dfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.5.2~dfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.5.2~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2025-57767
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-agdf-v24e-zfcj
63
url VCID-and4-m6yw-yua9
vulnerability_id VCID-and4-m6yw-yua9
summary Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47779
reference_id
reference_type
scores
0
value 0.00279
scoring_system epss
scoring_elements 0.51517
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47779
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528
reference_id 1106528
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528
3
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw
reference_id GHSA-2grh-7mhv-fcfw
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw
4
reference_url https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample
reference_id pjsip.conf.sample
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/
url https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u7?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u7?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u7%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.4.1~dfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.4.1~dfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.4.1~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2025-47779
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-and4-m6yw-yua9
64
url VCID-aqzr-xqpk-83fw
vulnerability_id VCID-aqzr-xqpk-83fw
summary A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-1131
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.167
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-1131
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1131
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1131
2
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp
reference_id GHSA-v9q8-9j8m-5xwp
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/V:C/RE:H/U:Amber
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-24T03:55:15Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp
3
reference_url https://security.gentoo.org/glsa/202601-04
reference_id GLSA-202601-04
reference_type
scores
url https://security.gentoo.org/glsa/202601-04
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u8?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u8?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u8%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.5.1~dfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.5.1~dfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.5.1~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2025-1131
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aqzr-xqpk-83fw
65
url VCID-ar64-v7yh-fug4
vulnerability_id VCID-ar64-v7yh-fug4
summary The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-3263
reference_id
reference_type
scores
0
value 0.36096
scoring_system epss
scoring_elements 0.97174
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-3263
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3263
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3263
2
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32095.pl
reference_id CVE-2008-3263;OSVDB-47253
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32095.pl
3
reference_url https://www.securityfocus.com/bid/30321/info
reference_id CVE-2008-3263;OSVDB-47253
reference_type exploit
scores
url https://www.securityfocus.com/bid/30321/info
4
reference_url https://security.gentoo.org/glsa/200905-01
reference_id GLSA-200905-01
reference_type
scores
url https://security.gentoo.org/glsa/200905-01
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.21.2~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.21.2~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.21.2~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2008-3263
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ar64-v7yh-fug4
66
url VCID-auhz-ddkv-nkhe
vulnerability_id VCID-auhz-ddkv-nkhe
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7551
reference_id
reference_type
scores
0
value 0.0663
scoring_system epss
scoring_elements 0.91336
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7551
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2316
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832
reference_id 838832
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.11.2~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.11.2~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.11.2~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2016-7551
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-auhz-ddkv-nkhe
67
url VCID-bact-r8tn-d3gz
vulnerability_id VCID-bact-r8tn-d3gz
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43301
reference_id
reference_type
scores
0
value 0.00428
scoring_system epss
scoring_elements 0.62703
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43301
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id 1014998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
22
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
23
reference_url https://usn.ubuntu.com/8122-1/
reference_id USN-8122-1
reference_type
scores
url https://usn.ubuntu.com/8122-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.11.1~dfsg%2B~cs6.10.40431413-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.11.1~dfsg%2B~cs6.10.40431413-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.11.1~dfsg%252B~cs6.10.40431413-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2021-43301
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bact-r8tn-d3gz
68
url VCID-bbsx-hjxg-nybm
vulnerability_id VCID-bbsx-hjxg-nybm
summary chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2529
reference_id
reference_type
scores
0
value 0.03361
scoring_system epss
scoring_elements 0.8755
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2529
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2529
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2529
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631446
reference_id 631446
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631446
3
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.4.3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.4.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.4.3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-2529
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bbsx-hjxg-nybm
69
url VCID-bh15-8qwt-b7fp
vulnerability_id VCID-bh15-8qwt-b7fp
summary main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2414
reference_id
reference_type
scores
0
value 0.04278
scoring_system epss
scoring_elements 0.89014
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2414
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2414
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2414
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670180
reference_id 670180
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670180
3
reference_url https://security.gentoo.org/glsa/201206-05
reference_id GLSA-201206-05
reference_type
scores
url https://security.gentoo.org/glsa/201206-05
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.11.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.11.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.11.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2012-2414
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bh15-8qwt-b7fp
70
url VCID-bjks-t8ur-kyc9
vulnerability_id VCID-bjks-t8ur-kyc9
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7286
reference_id
reference_type
scores
0
value 0.54632
scoring_system epss
scoring_elements 0.98075
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7286
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891228
reference_id 891228
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891228
6
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44181.py
reference_id CVE-2018-7286
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44181.py
7
reference_url https://raw.githubusercontent.com/EnableSecurity/advisories/master/ES2018-04-asterisk-pjsip-tcp-segfault/README.md
reference_id CVE-2018-7286
reference_type exploit
scores
url https://raw.githubusercontent.com/EnableSecurity/advisories/master/ES2018-04-asterisk-pjsip-tcp-segfault/README.md
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.20.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.20.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.20.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2018-7286
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjks-t8ur-kyc9
71
url VCID-bpt1-f6tf-rygf
vulnerability_id VCID-bpt1-f6tf-rygf
summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49832
reference_id
reference_type
scores
0
value 0.01057
scoring_system epss
scoring_elements 0.77898
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49832
1
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110317
reference_id 1110317
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110317
2
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr
reference_id GHSA-mrq5-74j5-f5cr
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-01T18:28:56Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr
3
reference_url https://security.gentoo.org/glsa/202601-04
reference_id GLSA-202601-04
reference_type
scores
url https://security.gentoo.org/glsa/202601-04
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.5.1~dfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.5.1~dfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.5.1~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2025-49832
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bpt1-f6tf-rygf
72
url VCID-bqyw-wjb9-w3b4
vulnerability_id VCID-bqyw-wjb9-w3b4
summary An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28242
reference_id
reference_type
scores
0
value 0.00407
scoring_system epss
scoring_elements 0.61408
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28242
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28242
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28242
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974713
reference_id 974713
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974713
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.15.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:16.15.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.15.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2020-28242
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bqyw-wjb9-w3b4
73
url VCID-bv4k-ectn-2bga
vulnerability_id VCID-bv4k-ectn-2bga
summary chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2416
reference_id
reference_type
scores
0
value 0.05048
scoring_system epss
scoring_elements 0.89913
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2416
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2416
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2416
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670180
reference_id 670180
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670180
3
reference_url https://security.gentoo.org/glsa/201206-05
reference_id GLSA-201206-05
reference_type
scores
url https://security.gentoo.org/glsa/201206-05
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.11.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.11.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.11.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2012-2416
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bv4k-ectn-2bga
74
url VCID-c4aq-swne-d3cd
vulnerability_id VCID-c4aq-swne-d3cd
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-21722
reference_id
reference_type
scores
0
value 0.00462
scoring_system epss
scoring_elements 0.64469
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-21722
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id 1014998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
22
reference_url https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a
reference_id 22af44e68a0c7d190ac1e25075e1382f77e9397a
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/
url https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a
23
reference_url https://www.debian.org/security/2022/dsa-5285
reference_id dsa-5285
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/
url https://www.debian.org/security/2022/dsa-5285
24
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36
reference_id GHSA-m66q-q64c-hv36
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36
25
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/
url https://security.gentoo.org/glsa/202210-37
26
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
reference_id msg00021.html
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/
url https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
27
reference_url https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
reference_id msg00035.html
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/
url https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
28
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
29
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.12.0~dfsg%2B~cs6.12.40431413-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.12.0~dfsg%2B~cs6.12.40431413-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.12.0~dfsg%252B~cs6.12.40431413-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-21722
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c4aq-swne-d3cd
75
url VCID-c69c-x1by-cfgq
vulnerability_id VCID-c69c-x1by-cfgq
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32686
reference_id
reference_type
scores
0
value 0.01675
scoring_system epss
scoring_elements 0.82458
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32686
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id 1014998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991931
reference_id 991931
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991931
5
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
url https://security.gentoo.org/glsa/202210-37
6
reference_url https://usn.ubuntu.com/8122-1/
reference_id USN-8122-1
reference_type
scores
url https://usn.ubuntu.com/8122-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.16.1~dfsg-1%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.16.1~dfsg-1%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.16.1~dfsg-1%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.16.1~dfsg-2?distro=sid
purl pkg:deb/debian/asterisk@1:16.16.1~dfsg-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.16.1~dfsg-2%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2021-32686
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c69c-x1by-cfgq
76
url VCID-cbqr-82pp-9yb6
vulnerability_id VCID-cbqr-82pp-9yb6
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35776
reference_id
reference_type
scores
0
value 0.00085
scoring_system epss
scoring_elements 0.24635
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35776
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35776
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35776
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983158
reference_id 983158
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983158
3
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.16.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:16.16.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.16.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2020-35776
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbqr-82pp-9yb6
77
url VCID-cf97-dgaw-a7ft
vulnerability_id VCID-cf97-dgaw-a7ft
summary tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1175
reference_id
reference_type
scores
0
value 0.00284
scoring_system epss
scoring_elements 0.5204
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1175
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1175
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1175
2
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-1175
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cf97-dgaw-a7ft
78
url VCID-cmy5-3fnq-v3gz
vulnerability_id VCID-cmy5-3fnq-v3gz
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24754
reference_id
reference_type
scores
0
value 0.00551
scoring_system epss
scoring_elements 0.68301
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24754
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24754
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24754
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id 1014998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
3
reference_url https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47
reference_id d27f79da11df7bc8bb56c2f291d71e54df8d2c47
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/
url https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47
4
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662
reference_id GHSA-73f7-48m9-w662
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662
5
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/
url https://security.gentoo.org/glsa/202210-37
6
reference_url https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
reference_id msg00035.html
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/
url https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
7
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
8
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-24754
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmy5-3fnq-v3gz
79
url VCID-cr6q-j8r8-aycs
vulnerability_id VCID-cr6q-j8r8-aycs
summary chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2535
reference_id
reference_type
scores
0
value 0.0018
scoring_system epss
scoring_elements 0.39355
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2535
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2535
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2535
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631448
reference_id 631448
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631448
3
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.4.3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.4.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.4.3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-2535
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cr6q-j8r8-aycs
80
url VCID-d23v-361c-kfhj
vulnerability_id VCID-d23v-361c-kfhj
summary The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-1923
reference_id
reference_type
scores
0
value 0.01525
scoring_system epss
scoring_elements 0.8158
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-1923
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1923
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1923
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2008-1923
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d23v-361c-kfhj
81
url VCID-d9ww-rj4r-tkh6
vulnerability_id VCID-d9ww-rj4r-tkh6
summary ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-8417
reference_id
reference_type
scores
0
value 0.00897
scoring_system epss
scoring_elements 0.75968
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-8417
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8417
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8417
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463
reference_id 771463
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463
3
reference_url https://security.gentoo.org/glsa/201412-51
reference_id GLSA-201412-51
reference_type
scores
url https://security.gentoo.org/glsa/201412-51
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-8417
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d9ww-rj4r-tkh6
82
url VCID-dbuh-qhu9-gfc1
vulnerability_id VCID-dbuh-qhu9-gfc1
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43300
reference_id
reference_type
scores
0
value 0.00428
scoring_system epss
scoring_elements 0.62703
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43300
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id 1014998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
22
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
23
reference_url https://usn.ubuntu.com/8122-1/
reference_id USN-8122-1
reference_type
scores
url https://usn.ubuntu.com/8122-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.11.1~dfsg%2B~cs6.10.40431413-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.11.1~dfsg%2B~cs6.10.40431413-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.11.1~dfsg%252B~cs6.10.40431413-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2021-43300
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dbuh-qhu9-gfc1
83
url VCID-dqu7-pd5w-eua6
vulnerability_id VCID-dqu7-pd5w-eua6
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37706
reference_id
reference_type
scores
0
value 0.00505
scoring_system epss
scoring_elements 0.6649
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37706
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id 1014998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
22
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
url https://security.gentoo.org/glsa/202210-37
23
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
24
reference_url https://usn.ubuntu.com/6422-2/
reference_id USN-6422-2
reference_type
scores
url https://usn.ubuntu.com/6422-2/
25
reference_url https://usn.ubuntu.com/8122-1/
reference_id USN-8122-1
reference_type
scores
url https://usn.ubuntu.com/8122-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.10.1~dfsg%2B~cs6.10.40431411-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.10.1~dfsg%2B~cs6.10.40431411-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.10.1~dfsg%252B~cs6.10.40431411-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2021-37706
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dqu7-pd5w-eua6
84
url VCID-dtxn-zzne-wueq
vulnerability_id VCID-dtxn-zzne-wueq
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7284
reference_id
reference_type
scores
0
value 0.65243
scoring_system epss
scoring_elements 0.98501
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7284
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891227
reference_id 891227
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891227
6
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44184.py
reference_id CVE-2018-7284
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44184.py
7
reference_url https://raw.githubusercontent.com/EnableSecurity/advisories/master/ES2018-01-asterisk-pjsip-subscribe-stack-corruption/README.md
reference_id CVE-2018-7284
reference_type exploit
scores
url https://raw.githubusercontent.com/EnableSecurity/advisories/master/ES2018-01-asterisk-pjsip-subscribe-stack-corruption/README.md
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.20.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.20.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.20.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2018-7284
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dtxn-zzne-wueq
85
url VCID-dv6b-cyft-5kcd
vulnerability_id VCID-dv6b-cyft-5kcd
summary asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7550
reference_id
reference_type
scores
0
value 0.00122
scoring_system epss
scoring_elements 0.30917
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7550
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7550
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7550
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838833
reference_id 838833
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838833
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.11.2~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.11.2~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.11.2~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2016-7550
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dv6b-cyft-5kcd
86
url VCID-dzse-tta6-nuex
vulnerability_id VCID-dzse-tta6-nuex
summary An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9938
reference_id
reference_type
scores
0
value 0.01419
scoring_system epss
scoring_elements 0.80891
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9938
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9938
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9938
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847668
reference_id 847668
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847668
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.13.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.13.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.13.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2016-9938
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzse-tta6-nuex
87
url VCID-e8pp-29uh-dfam
vulnerability_id VCID-e8pp-29uh-dfam
summary asterisk: Replies to failed login attempts differently based on whether the user account exists (information disclosure)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0041.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0041.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-0041
reference_id
reference_type
scores
0
value 0.0086
scoring_system epss
scoring_elements 0.75329
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-0041
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0041
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0041
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=480132
reference_id 480132
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=480132
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513413
reference_id 513413
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513413
5
reference_url https://security.gentoo.org/glsa/200905-01
reference_id GLSA-200905-01
reference_type
scores
url https://security.gentoo.org/glsa/200905-01
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.6.1.0~dfsg~rc3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.6.1.0~dfsg~rc3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.1.0~dfsg~rc3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2009-0041
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8pp-29uh-dfam
88
url VCID-e918-vkmk-h7gu
vulnerability_id VCID-e918-vkmk-h7gu
summary rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-4055
reference_id
reference_type
scores
0
value 0.00524
scoring_system epss
scoring_elements 0.67216
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-4055
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4055
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4055
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559103
reference_id 559103
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559103
3
reference_url https://security.gentoo.org/glsa/201006-20
reference_id GLSA-201006-20
reference_type
scores
url https://security.gentoo.org/glsa/201006-20
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.6.2.0~rc7-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.6.2.0~rc7-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.0~rc7-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2009-4055
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e918-vkmk-h7gu
89
url VCID-eek3-jw4a-mkhh
vulnerability_id VCID-eek3-jw4a-mkhh
summary The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-3764
reference_id
reference_type
scores
0
value 0.45627
scoring_system epss
scoring_elements 0.97675
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-3764
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3764
2
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/4196.c
reference_id CVE-2007-3764
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/4196.c
3
reference_url https://security.gentoo.org/glsa/200802-11
reference_id GLSA-200802-11
reference_type
scores
url https://security.gentoo.org/glsa/200802-11
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.8~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.8~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.8~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-3764
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eek3-jw4a-mkhh
90
url VCID-emr1-3t75-ekg4
vulnerability_id VCID-emr1-3t75-ekg4
summary channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3863
reference_id
reference_type
scores
0
value 0.07186
scoring_system epss
scoring_elements 0.91712
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3863
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3863
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3863
2
reference_url https://security.gentoo.org/glsa/201209-15
reference_id GLSA-201209-15
reference_type
scores
url https://security.gentoo.org/glsa/201209-15
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2012-3863
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-emr1-3t75-ekg4
91
url VCID-f5a4-mbpj-zbc6
vulnerability_id VCID-f5a4-mbpj-zbc6
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37457
reference_id
reference_type
scores
0
value 0.00074
scoring_system epss
scoring_elements 0.22336
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37457
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303
reference_id 1059303
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303
6
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:20.8.1~dfsg%2B~cs6.14.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.8.1~dfsg%2B~cs6.14.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.8.1~dfsg%252B~cs6.14.40431414-1%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2023-37457
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f5a4-mbpj-zbc6
92
url VCID-g9s9-6kbt-qba4
vulnerability_id VCID-g9s9-6kbt-qba4
summary Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2005-2081
reference_id
reference_type
scores
0
value 0.00347
scoring_system epss
scoring_elements 0.57515
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2005-2081
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2081
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2081
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315532
reference_id 315532
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315532
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.0.9.dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.0.9.dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.0.9.dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2005-2081
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g9s9-6kbt-qba4
93
url VCID-gvsp-6zd7-5kbn
vulnerability_id VCID-gvsp-6zd7-5kbn
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53566
reference_id
reference_type
scores
0
value 0.00068
scoring_system epss
scoring_elements 0.21113
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53566
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566
2
reference_url https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616
reference_id e7c0f44ffb38c00320aa1a6d98bee616
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/
url https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616
3
reference_url https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556
reference_id manager.c#L2556
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/
url https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u6?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u6?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u6%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.1.1~dfsg%2B~cs6.14.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.1.1~dfsg%2B~cs6.14.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.1.1~dfsg%252B~cs6.14.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2024-53566
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvsp-6zd7-5kbn
94
url VCID-gyv9-xjx6-f3c4
vulnerability_id VCID-gyv9-xjx6-f3c4
summary 
Multiple buffer overflows in Asterisk might allow remote attackers
    to cause a Denial of Service condition.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2289
reference_id
reference_type
scores
0
value 0.03251
scoring_system epss
scoring_elements 0.87345
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2289
1
reference_url https://security.gentoo.org/glsa/201405-05
reference_id GLSA-201405-05
reference_type
scores
url https://security.gentoo.org/glsa/201405-05
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-2289
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gyv9-xjx6-f3c4
95
url VCID-h29y-p6u4-c3d8
vulnerability_id VCID-h29y-p6u4-c3d8
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49786
reference_id
reference_type
scores
0
value 0.00077
scoring_system epss
scoring_elements 0.22993
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49786
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033
reference_id 1059033
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033
6
reference_url http://seclists.org/fulldisclosure/2023/Dec/24
reference_id 24
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/
url http://seclists.org/fulldisclosure/2023/Dec/24
7
reference_url http://www.openwall.com/lists/oss-security/2023/12/15/7
reference_id 7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/
url http://www.openwall.com/lists/oss-security/2023/12/15/7
8
reference_url http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html
reference_id Asterisk-20.1.0-Denial-Of-Service.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/
url http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html
9
reference_url https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05
reference_id d7d7764cb07c8a1872804321302ef93bf62cba05
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/
url https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05
10
reference_url https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race
reference_id ES2023-01-asterisk-dtls-hello-race
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/
url https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race
11
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
reference_id GHSA-hxj9-xwr8-w8pq
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
12
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
13
reference_url https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
reference_id msg00019.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/
url https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:20.5.1~dfsg%2B~cs6.13.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.5.1~dfsg%2B~cs6.13.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.5.1~dfsg%252B~cs6.13.40431414-1%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2023-49786
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h29y-p6u4-c3d8
96
url VCID-h63n-n2u4-vqff
vulnerability_id VCID-h63n-n2u4-vqff
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-17090
reference_id
reference_type
scores
0
value 0.80582
scoring_system epss
scoring_elements 0.99158
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-17090
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17090
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17090
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883342
reference_id 883342
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883342
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/43992.py
reference_id CVE-2017-17090;AST-2017-01
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/43992.py
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.18.3~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.18.3~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.18.3~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2017-17090
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h63n-n2u4-vqff
97
url VCID-hfmb-gc77-7fav
vulnerability_id VCID-hfmb-gc77-7fav
summary Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2003-0761
reference_id
reference_type
scores
0
value 0.00131
scoring_system epss
scoring_elements 0.32241
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2003-0761
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0761
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0761
fixed_packages
0
url pkg:deb/debian/asterisk@0.5.0?distro=sid
purl pkg:deb/debian/asterisk@0.5.0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0.5.0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2003-0761
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hfmb-gc77-7fav
98
url VCID-hkex-v5z3-73bt
vulnerability_id VCID-hkex-v5z3-73bt
summary 
Multiple buffer overflows in Asterisk might allow remote attackers
    to cause a Denial of Service condition.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2288
reference_id
reference_type
scores
0
value 0.06609
scoring_system epss
scoring_elements 0.91323
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2288
1
reference_url https://security.gentoo.org/glsa/201405-05
reference_id GLSA-201405-05
reference_type
scores
url https://security.gentoo.org/glsa/201405-05
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-2288
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkex-v5z3-73bt
99
url VCID-hp5t-h99v-mfc1
vulnerability_id VCID-hp5t-h99v-mfc1
summary reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2216
reference_id
reference_type
scores
0
value 0.03498
scoring_system epss
scoring_elements 0.87805
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2216
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2216
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2216
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629130
reference_id 629130
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629130
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.4.2-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.4.2-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.4.2-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-2216
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hp5t-h99v-mfc1
100
url VCID-ht2z-r1t1-ryf9
vulnerability_id VCID-ht2z-r1t1-ryf9
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39244
reference_id
reference_type
scores
0
value 0.00325
scoring_system epss
scoring_elements 0.55713
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39244
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae
reference_id c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/
url https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae
10
reference_url https://www.debian.org/security/2023/dsa-5358
reference_id dsa-5358
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/
url https://www.debian.org/security/2023/dsa-5358
11
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj
reference_id GHSA-fq45-m3f7-3mhj
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj
12
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/
url https://security.gentoo.org/glsa/202210-37
13
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
reference_id msg00029.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
14
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
15
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.0.1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-39244
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ht2z-r1t1-ryf9
101
url VCID-hv7y-fc1a-a7am
vulnerability_id VCID-hv7y-fc1a-a7am
summary The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-4045
reference_id
reference_type
scores
0
value 0.01637
scoring_system epss
scoring_elements 0.82234
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-4045
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-4045
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hv7y-fc1a-a7am
102
url VCID-j2vq-egp3-bybh
vulnerability_id VCID-j2vq-egp3-bybh
summary A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-17664
reference_id
reference_type
scores
0
value 0.01276
scoring_system epss
scoring_elements 0.79861
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-17664
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17664
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17664
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884345
reference_id 884345
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884345
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.18.5~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.18.5~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.18.5~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2017-17664
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j2vq-egp3-bybh
103
url VCID-j3ps-x8ey-kfa7
vulnerability_id VCID-j3ps-x8ey-kfa7
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2316
reference_id
reference_type
scores
0
value 0.01094
scoring_system epss
scoring_elements 0.78271
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2316
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2316
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.7.2~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.7.2~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.7.2~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2016-2316
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3ps-x8ey-kfa7
104
url VCID-j6re-kvf8-h3et
vulnerability_id VCID-j6re-kvf8-h3et
summary An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18976
reference_id
reference_type
scores
0
value 0.00166
scoring_system epss
scoring_elements 0.37356
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18976
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18976
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18976
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.1.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:16.1.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.1.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2019-18976
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6re-kvf8-h3et
105
url VCID-j7ee-s5dw-eyew
vulnerability_id VCID-j7ee-s5dw-eyew
summary Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2415
reference_id
reference_type
scores
0
value 0.10525
scoring_system epss
scoring_elements 0.93379
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2415
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2415
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2415
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670180
reference_id 670180
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670180
3
reference_url https://security.gentoo.org/glsa/201206-05
reference_id GLSA-201206-05
reference_type
scores
url https://security.gentoo.org/glsa/201206-05
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.11.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.11.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.11.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2012-2415
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7ee-s5dw-eyew
106
url VCID-j7sx-6dhs-wbff
vulnerability_id VCID-j7sx-6dhs-wbff
summary Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2186
reference_id
reference_type
scores
0
value 0.00465
scoring_system epss
scoring_elements 0.64665
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2186
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2186
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2186
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470
reference_id 680470
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470
3
reference_url https://security.gentoo.org/glsa/201209-15
reference_id GLSA-201209-15
reference_type
scores
url https://security.gentoo.org/glsa/201209-15
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2012-2186
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7sx-6dhs-wbff
107
url VCID-jfve-1ah7-8ybu
vulnerability_id VCID-jfve-1ah7-8ybu
summary Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54995
reference_id
reference_type
scores
0
value 0.01416
scoring_system epss
scoring_elements 0.80869
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54995
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54995
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54995
2
reference_url https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9
reference_id 0278f5bde14565c6838a6ec39bc21aee0cde56a9
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/
url https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9
3
reference_url https://github.com/asterisk/asterisk/pull/1405
reference_id 1405
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/
url https://github.com/asterisk/asterisk/pull/1405
4
reference_url https://github.com/asterisk/asterisk/pull/1406
reference_id 1406
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/
url https://github.com/asterisk/asterisk/pull/1406
5
reference_url https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d
reference_id eafcd7a451dcd007dddf324ac37dd55a4808338d
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/
url https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d
6
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2
reference_id GHSA-557q-795j-wfx2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u8?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u8?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u8%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.2.0~dfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.2.0~dfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.2.0~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2025-54995
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfve-1ah7-8ybu
108
url VCID-jn6q-ncg1-ufdg
vulnerability_id VCID-jn6q-ncg1-ufdg
summary Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-4521
reference_id
reference_type
scores
0
value 0.02514
scoring_system epss
scoring_elements 0.85641
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-4521
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-4521
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jn6q-ncg1-ufdg
109
url VCID-jytq-x1m9-ryh3
vulnerability_id VCID-jytq-x1m9-ryh3
summary The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-2898
reference_id
reference_type
scores
0
value 0.00324
scoring_system epss
scoring_elements 0.55675
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-2898
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2898
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2898
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380054
reference_id 380054
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380054
3
reference_url https://security.gentoo.org/glsa/200606-15
reference_id GLSA-200606-15
reference_type
scores
url https://security.gentoo.org/glsa/200606-15
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.2.10.dfsg-2?distro=sid
purl pkg:deb/debian/asterisk@1:1.2.10.dfsg-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.10.dfsg-2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2006-2898
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jytq-x1m9-ryh3
110
url VCID-k2af-kssx-8fcn
vulnerability_id VCID-k2af-kssx-8fcn
summary Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-9374
reference_id
reference_type
scores
0
value 0.45774
scoring_system epss
scoring_elements 0.97679
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-9374
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9374
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773230
reference_id 773230
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773230
3
reference_url https://security.gentoo.org/glsa/201412-51
reference_id GLSA-201412-51
reference_type
scores
url https://security.gentoo.org/glsa/201412-51
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-9374
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k2af-kssx-8fcn
111
url VCID-k5je-ydwf-v3gq
vulnerability_id VCID-k5je-ydwf-v3gq
summary Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2005-3559
reference_id
reference_type
scores
0
value 0.05519
scoring_system epss
scoring_elements 0.90382
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2005-3559
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3559
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3559
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338116
reference_id 338116
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338116
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/26475.txt
reference_id CVE-2005-3559;OSVDB-20577
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/26475.txt
4
reference_url https://www.securityfocus.com/bid/15336/info
reference_id CVE-2005-3559;OSVDB-20577
reference_type exploit
scores
url https://www.securityfocus.com/bid/15336/info
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.2.7.1.dfsg-2?distro=sid
purl pkg:deb/debian/asterisk@1:1.2.7.1.dfsg-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.7.1.dfsg-2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2005-3559
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k5je-ydwf-v3gq
112
url VCID-k8pf-eby2-3ban
vulnerability_id VCID-k8pf-eby2-3ban
summary SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-6171
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.40505
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-6171
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6171
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6171
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.15~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.15~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.15~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-6171
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8pf-eby2-3ban
113
url VCID-kmay-1p7g-t7f5
vulnerability_id VCID-kmay-1p7g-t7f5
summary Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-4345
reference_id
reference_type
scores
0
value 0.05153
scoring_system epss
scoring_elements 0.90025
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-4345
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4345
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4345
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385060
reference_id 385060
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385060
3
reference_url https://security.gentoo.org/glsa/200610-15
reference_id GLSA-200610-15
reference_type
scores
url https://security.gentoo.org/glsa/200610-15
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.2.11.dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.2.11.dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.11.dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2006-4345
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kmay-1p7g-t7f5
114
url VCID-ks2t-azws-kbbz
vulnerability_id VCID-ks2t-azws-kbbz
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-7251
reference_id
reference_type
scores
0
value 0.04411
scoring_system epss
scoring_elements 0.89184
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-7251
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7251
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7251
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923690
reference_id 923690
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923690
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.2.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:16.2.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2019-7251
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ks2t-azws-kbbz
115
url VCID-m53p-u7ky-jyd1
vulnerability_id VCID-m53p-u7ky-jyd1
summary Asterisk: Asterisk: Local file disclosure via unsafe XML parsing
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23739.json
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23739.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23739
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17627
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23739
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23739
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23739
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
reference_id 1127438
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2437909
reference_id 2437909
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2437909
5
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42
reference_id GHSA-85x7-54wr-vh42
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:36:34Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u9?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u9?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u9%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2026-23739
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m53p-u7ky-jyd1
116
url VCID-m749-tkbh-5ygf
vulnerability_id VCID-m749-tkbh-5ygf
summary manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1174
reference_id
reference_type
scores
0
value 0.0029
scoring_system epss
scoring_elements 0.52652
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1174
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1174
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1174
2
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-1174
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m749-tkbh-5ygf
117
url VCID-mh9b-mu9k-ufcn
vulnerability_id VCID-mh9b-mu9k-ufcn
summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31878
reference_id
reference_type
scores
0
value 0.0019
scoring_system epss
scoring_elements 0.40669
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31878
1
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2021-31878
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mh9b-mu9k-ufcn
118
url VCID-mhw5-v3jy-qqfd
vulnerability_id VCID-mhw5-v3jy-qqfd
summary Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-1827
reference_id
reference_type
scores
0
value 0.03378
scoring_system epss
scoring_elements 0.87583
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-1827
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1827
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364195
reference_id 364195
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364195
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.2.7.1.dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.2.7.1.dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.7.1.dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2006-1827
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mhw5-v3jy-qqfd
119
url VCID-mu5d-au9b-87ap
vulnerability_id VCID-mu5d-au9b-87ap
summary embedded prototype.js JavaScript hijacking
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2383.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2383.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-2383
reference_id
reference_type
scores
0
value 0.00262
scoring_system epss
scoring_elements 0.49714
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-2383
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2383
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2383
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=539592
reference_id 539592
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=539592
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220
reference_id 555220
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221
reference_id 555221
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250
reference_id 555250
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255
reference_id 555255
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977
reference_id 558977
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.6.2.0~rc3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.6.2.0~rc3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.0~rc3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-2383
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mu5d-au9b-87ap
120
url VCID-muku-zk87-hkbv
vulnerability_id VCID-muku-zk87-hkbv
summary The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-4455
reference_id
reference_type
scores
0
value 0.05232
scoring_system epss
scoring_elements 0.90101
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-4455
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4455
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4455
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.11~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.11~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.11~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-4455
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-muku-zk87-hkbv
121
url VCID-mumx-6vvr-4bbf
vulnerability_id VCID-mumx-6vvr-4bbf
summary channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2287
reference_id
reference_type
scores
0
value 0.05216
scoring_system epss
scoring_elements 0.90082
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2287
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2287
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2287
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741313
reference_id 741313
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741313
3
reference_url https://security.gentoo.org/glsa/201405-05
reference_id GLSA-201405-05
reference_type
scores
url https://security.gentoo.org/glsa/201405-05
fixed_packages
0
url pkg:deb/debian/asterisk@1:11.8.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:11.8.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.8.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-2287
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mumx-6vvr-4bbf
122
url VCID-mw9d-2zh9-yya9
vulnerability_id VCID-mw9d-2zh9-yya9
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24764
reference_id
reference_type
scores
0
value 0.01506
scoring_system epss
scoring_elements 0.81469
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24764
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
reference_id 1014976
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id 1014998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
23
reference_url https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
reference_id 560a1346f87aabe126509bb24930106dea292b00
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/
url https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
24
reference_url https://www.debian.org/security/2022/dsa-5285
reference_id dsa-5285
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/
url https://www.debian.org/security/2022/dsa-5285
25
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
reference_id GHSA-f5qg-pqcg-765m
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
26
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/
url https://security.gentoo.org/glsa/202210-37
27
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
reference_id msg00021.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/
url https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
28
reference_url https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
reference_id msg00035.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/
url https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
29
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
30
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%2B~cs6.12.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%2B~cs6.12.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-24764
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mw9d-2zh9-yya9
123
url VCID-n7zc-3ycr-akcy
vulnerability_id VCID-n7zc-3ycr-akcy
summary A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9358
reference_id
reference_type
scores
0
value 0.01188
scoring_system epss
scoring_elements 0.79122
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9358
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9358
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9358
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863906
reference_id 863906
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863906
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.14.1~dfsg-2?distro=sid
purl pkg:deb/debian/asterisk@1:13.14.1~dfsg-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2017-9358
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n7zc-3ycr-akcy
124
url VCID-nhn9-mw16-pkaf
vulnerability_id VCID-nhn9-mw16-pkaf
summary Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-5977
reference_id
reference_type
scores
0
value 0.01103
scoring_system epss
scoring_elements 0.78362
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-5977
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5977
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5977
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697230
reference_id 697230
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697230
3
reference_url https://security.gentoo.org/glsa/201401-15
reference_id GLSA-201401-15
reference_type
scores
url https://security.gentoo.org/glsa/201401-15
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2012-5977
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhn9-mw16-pkaf
125
url VCID-nm83-6ezk-pue4
vulnerability_id VCID-nm83-6ezk-pue4
summary 
Multiple vulnerabilities have been found in Asterisk, the worst of
    which may allow execution of arbitrary code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2685
reference_id
reference_type
scores
0
value 0.08932
scoring_system epss
scoring_elements 0.92714
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2685
1
reference_url https://security.gentoo.org/glsa/201401-15
reference_id GLSA-201401-15
reference_type
scores
url https://security.gentoo.org/glsa/201401-15
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2013-2685
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nm83-6ezk-pue4
126
url VCID-nsnm-1fx3-n3dt
vulnerability_id VCID-nsnm-1fx3-n3dt
summary Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47780
reference_id
reference_type
scores
0
value 0.00454
scoring_system epss
scoring_elements 0.64073
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47780
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530
reference_id 1106530
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530
3
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2
reference_id GHSA-c7p6-7mvq-8jq2
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:24:44Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u7?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u7?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u7%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.4.1~dfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.4.1~dfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.4.1~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2025-47780
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nsnm-1fx3-n3dt
127
url VCID-nwcq-bvn5-qyf7
vulnerability_id VCID-nwcq-bvn5-qyf7
summary Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-4046
reference_id
reference_type
scores
0
value 0.01378
scoring_system epss
scoring_elements 0.80563
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-4046
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4046
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4046
2
reference_url https://security.gentoo.org/glsa/201406-25
reference_id GLSA-201406-25
reference_type
scores
url https://security.gentoo.org/glsa/201406-25
fixed_packages
0
url pkg:deb/debian/asterisk@1:11.10.2~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:11.10.2~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.10.2~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-4046
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwcq-bvn5-qyf7
128
url VCID-p4m7-21w6-cqep
vulnerability_id VCID-p4m7-21w6-cqep
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24793
reference_id
reference_type
scores
0
value 0.00566
scoring_system epss
scoring_elements 0.68779
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24793
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
reference_id 1014976
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id 1014998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
23
reference_url https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a
reference_id 9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/
url https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a
24
reference_url https://www.debian.org/security/2022/dsa-5285
reference_id dsa-5285
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/
url https://www.debian.org/security/2022/dsa-5285
25
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
reference_id GHSA-p6g5-v97c-w5q4
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
26
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/
url https://security.gentoo.org/glsa/202210-37
27
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
reference_id msg00021.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/
url https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
28
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
29
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html
reference_id msg00047.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/
url https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html
30
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%2B~cs6.12.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%2B~cs6.12.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-24793
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4m7-21w6-cqep
129
url VCID-p4z2-vafe-2kcq
vulnerability_id VCID-p4z2-vafe-2kcq
summary The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-0095
reference_id
reference_type
scores
0
value 0.26555
scoring_system epss
scoring_elements 0.96421
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-0095
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0095
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0095
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458952
reference_id 458952
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458952
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/30974.txt
reference_id CVE-2008-0095;OSVDB-39841
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/30974.txt
4
reference_url https://www.securityfocus.com/bid/27110/info
reference_id CVE-2008-0095;OSVDB-39841
reference_type exploit
scores
url https://www.securityfocus.com/bid/27110/info
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.17~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.17~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.17~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2008-0095
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4z2-vafe-2kcq
130
url VCID-paap-v22a-w7f3
vulnerability_id VCID-paap-v22a-w7f3
summary Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-2293
reference_id
reference_type
scores
0
value 0.49577
scoring_system epss
scoring_elements 0.9785
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-2293
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2293
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2293
2
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/29900.txt
reference_id CVE-2007-2293;OSVDB-35368
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/29900.txt
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/29901.txt
reference_id CVE-2007-2293;OSVDB-35368
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/29901.txt
4
reference_url https://www.securityfocus.com/bid/23648/info
reference_id CVE-2007-2293;OSVDB-35368
reference_type exploit
scores
url https://www.securityfocus.com/bid/23648/info
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.3~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.3~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.3~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-2293
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-paap-v22a-w7f3
131
url VCID-ppcr-yrpq-u3g8
vulnerability_id VCID-ppcr-yrpq-u3g8
summary The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-4597
reference_id
reference_type
scores
0
value 0.00685
scoring_system epss
scoring_elements 0.72015
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-4597
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4597
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4597
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651552
reference_id 651552
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651552
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.8.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.8.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.8.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-4597
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ppcr-yrpq-u3g8
132
url VCID-psxt-4x3k-augy
vulnerability_id VCID-psxt-4x3k-augy
summary asterisk: Two buffer overflows in RTP Codec Payload Handling (AST-2008-002)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1289.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1289.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-1289
reference_id
reference_type
scores
0
value 0.24953
scoring_system epss
scoring_elements 0.9626
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-1289
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1289
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1289
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=438127
reference_id 438127
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=438127
4
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/31440.txt
reference_id CVE-2008-1289;OSVDB-43416
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/31440.txt
5
reference_url https://www.securityfocus.com/bid/28308/info
reference_id CVE-2008-1289;OSVDB-43416
reference_type exploit
scores
url https://www.securityfocus.com/bid/28308/info
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.18.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.18.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.18.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2008-1289
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-psxt-4x3k-augy
133
url VCID-pt99-8yya-q3bx
vulnerability_id VCID-pt99-8yya-q3bx
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23537
reference_id
reference_type
scores
0
value 0.00422
scoring_system epss
scoring_elements 0.62317
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23537
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
reference_id 1032092
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
10
reference_url https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
reference_id d8440f4d711a654b511f50f79c0445b26f9dd1e1
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/
url https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
11
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
reference_id GHSA-9pfh-r8x4-w26w
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
12
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
13
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.4.0~dfsg%2B~cs6.13.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.4.0~dfsg%2B~cs6.13.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.4.0~dfsg%252B~cs6.13.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-23537
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pt99-8yya-q3bx
134
url VCID-q4a9-x9rc-tued
vulnerability_id VCID-q4a9-x9rc-tued
summary Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-8416
reference_id
reference_type
scores
0
value 0.00978
scoring_system epss
scoring_elements 0.77028
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-8416
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8416
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8416
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-8416
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q4a9-x9rc-tued
135
url VCID-qbcd-t5kt-4kbz
vulnerability_id VCID-qbcd-t5kt-4kbz
summary An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7287
reference_id
reference_type
scores
0
value 0.33107
scoring_system epss
scoring_elements 0.96983
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7287
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2018-7287
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qbcd-t5kt-4kbz
136
url VCID-qjdy-qgr6-13eg
vulnerability_id VCID-qjdy-qgr6-13eg
summary SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2003-0779
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09723
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2003-0779
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0779
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0779
fixed_packages
0
url pkg:deb/debian/asterisk@0.7.0?distro=sid
purl pkg:deb/debian/asterisk@0.7.0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0.7.0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2003-0779
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjdy-qgr6-13eg
137
url VCID-qk2c-ayv7-gub7
vulnerability_id VCID-qk2c-ayv7-gub7
summary asterisk: IAX2 DoS vulnerability (AST-2009-006)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2346.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2346.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-2346
reference_id
reference_type
scores
0
value 0.00791
scoring_system epss
scoring_elements 0.742
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-2346
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=521164
reference_id 521164
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=521164
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539473
reference_id 539473
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539473
5
reference_url https://security.gentoo.org/glsa/201006-20
reference_id GLSA-201006-20
reference_type
scores
url https://security.gentoo.org/glsa/201006-20
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.6.2.0~dfsg~beta3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.6.2.0~dfsg~beta3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.0~dfsg~beta3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2009-2346
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qk2c-ayv7-gub7
138
url VCID-qqzb-4ana-y7cc
vulnerability_id VCID-qqzb-4ana-y7cc
summary The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-2297
reference_id
reference_type
scores
0
value 0.02719
scoring_system epss
scoring_elements 0.86177
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-2297
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2297
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2297
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419820
reference_id 419820
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419820
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.2~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.2~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.2~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-2297
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqzb-4ana-y7cc
139
url VCID-qt7n-33ke-nbg9
vulnerability_id VCID-qt7n-33ke-nbg9
summary Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-3762
reference_id
reference_type
scores
0
value 0.10199
scoring_system epss
scoring_elements 0.93254
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-3762
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3762
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3762
2
reference_url https://security.gentoo.org/glsa/200802-11
reference_id GLSA-200802-11
reference_type
scores
url https://security.gentoo.org/glsa/200802-11
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.8~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.8~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.8~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-3762
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qt7n-33ke-nbg9
140
url VCID-r8qs-axpa-dfcq
vulnerability_id VCID-r8qs-axpa-dfcq
summary Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1183
reference_id
reference_type
scores
0
value 0.00219
scoring_system epss
scoring_elements 0.44497
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1183
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1183
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1183
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664411
reference_id 664411
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664411
3
reference_url https://security.gentoo.org/glsa/201203-21
reference_id GLSA-201203-21
reference_type
scores
url https://security.gentoo.org/glsa/201203-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.10.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.10.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.10.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2012-1183
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r8qs-axpa-dfcq
141
url VCID-r9xj-a3g1-fqa4
vulnerability_id VCID-r9xj-a3g1-fqa4
summary Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. The endpoint at GET /httpstatus is the potential vulnerable endpoint relating to asterisk/main /http.c. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23738
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.16349
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23738
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23738
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23738
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
reference_id 1127438
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
3
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh
reference_id GHSA-v6hp-wh3r-cwxh
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:43:40Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u9?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u9?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u9%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2026-23738
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r9xj-a3g1-fqa4
142
url VCID-rkn5-9jy4-wbbx
vulnerability_id VCID-rkn5-9jy4-wbbx
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43845
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.52233
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43845
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id 1014998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
22
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
url https://security.gentoo.org/glsa/202210-37
23
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.12.0~dfsg%2B~cs6.12.40431413-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.12.0~dfsg%2B~cs6.12.40431413-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.12.0~dfsg%252B~cs6.12.40431413-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2021-43845
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rkn5-9jy4-wbbx
143
url VCID-rpyt-fx9h-dyf7
vulnerability_id VCID-rpyt-fx9h-dyf7
summary asterisk: Remote Crash Vulnerability in SIP channel driver (AST-2009-005)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2726.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2726.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-2726
reference_id
reference_type
scores
0
value 0.3069
scoring_system epss
scoring_elements 0.96804
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-2726
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=516990
reference_id 516990
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=516990
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541441
reference_id 541441
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541441
5
reference_url https://security.gentoo.org/glsa/201006-20
reference_id GLSA-201006-20
reference_type
scores
url https://security.gentoo.org/glsa/201006-20
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.6.2.0~dfsg~rc1-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.6.2.0~dfsg~rc1-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.0~dfsg~rc1-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2009-2726
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rpyt-fx9h-dyf7
144
url VCID-rtbp-4kb8-ayh4
vulnerability_id VCID-rtbp-4kb8-ayh4
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42365
reference_id
reference_type
scores
0
value 0.3195
scoring_system epss
scoring_elements 0.96897
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42365
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574
reference_id 1078574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574
3
reference_url https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
reference_id 42a2f4ccfa2c7062a15063e765916b3332e34cc4
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
4
reference_url https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
reference_id 7a0090325bfa9d778a39ae5f7d0a98109e4651c8
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
5
reference_url https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71
reference_id b4063bf756272254b160b6d1bd6e9a3f8e16cc71
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71
6
reference_url https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993
reference_id bbe68db10ab8a80c29db383e4dfe14f6eafaf993
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993
7
reference_url https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2
reference_id faddd99f2b9408b524e5eb8a01589fe1fa282df2
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2
8
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44
reference_id GHSA-c4cg-9275-6w44
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44
9
reference_url https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426
reference_id manager.c#L6426
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426
10
reference_url https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426
reference_id manager.c#L6426
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/
url https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u5?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u5?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u5%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.9.3~dfsg%2B~cs6.14.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.9.3~dfsg%2B~cs6.14.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.9.3~dfsg%252B~cs6.14.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2024-42365
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rtbp-4kb8-ayh4
145
url VCID-rxfr-prs2-1yb4
vulnerability_id VCID-rxfr-prs2-1yb4
summary asterisk: 3-way handshake in IAX2 incomplete (CVE-2008-1923)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1897.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1897.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-1897
reference_id
reference_type
scores
0
value 0.03049
scoring_system epss
scoring_elements 0.86917
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-1897
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1897
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1897
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=443761
reference_id 443761
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=443761
4
reference_url https://security.gentoo.org/glsa/200905-01
reference_id GLSA-200905-01
reference_type
scores
url https://security.gentoo.org/glsa/200905-01
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2008-1897
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rxfr-prs2-1yb4
146
url VCID-rzry-3zwj-z3ce
vulnerability_id VCID-rzry-3zwj-z3ce
summary main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2286
reference_id
reference_type
scores
0
value 0.14756
scoring_system epss
scoring_elements 0.94601
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2286
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2286
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2286
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741313
reference_id 741313
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741313
3
reference_url https://security.gentoo.org/glsa/201405-05
reference_id GLSA-201405-05
reference_type
scores
url https://security.gentoo.org/glsa/201405-05
fixed_packages
0
url pkg:deb/debian/asterisk@1:11.8.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:11.8.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.8.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-2286
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rzry-3zwj-z3ce
147
url VCID-s4vy-wpd9-nfeh
vulnerability_id VCID-s4vy-wpd9-nfeh
summary The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-3765
reference_id
reference_type
scores
0
value 0.00859
scoring_system epss
scoring_elements 0.75323
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-3765
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3765
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3765
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433681
reference_id 433681
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433681
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.8~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.8~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.8~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-3765
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s4vy-wpd9-nfeh
148
url VCID-s648-7tjm-dfew
vulnerability_id VCID-s648-7tjm-dfew
summary The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-4280
reference_id
reference_type
scores
0
value 0.03548
scoring_system epss
scoring_elements 0.87885
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-4280
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4280
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4280
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.10~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.10~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.10~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-4280
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s648-7tjm-dfew
149
url VCID-s8hn-1yhb-93c4
vulnerability_id VCID-s8hn-1yhb-93c4
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13161
reference_id
reference_type
scores
0
value 0.02307
scoring_system epss
scoring_elements 0.85015
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13161
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13161
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13161
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931981
reference_id 931981
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931981
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.2.1~dfsg-2?distro=sid
purl pkg:deb/debian/asterisk@1:16.2.1~dfsg-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2019-13161
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s8hn-1yhb-93c4
150
url VCID-sct3-tg39-cqd2
vulnerability_id VCID-sct3-tg39-cqd2
summary The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-8412
reference_id
reference_type
scores
0
value 0.00597
scoring_system epss
scoring_elements 0.69702
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-8412
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8412
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8412
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463
reference_id 771463
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463
3
reference_url https://security.gentoo.org/glsa/201412-51
reference_id GLSA-201412-51
reference_type
scores
url https://security.gentoo.org/glsa/201412-51
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-8412
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sct3-tg39-cqd2
151
url VCID-sh84-ms1c-efff
vulnerability_id VCID-sh84-ms1c-efff
summary channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4737
reference_id
reference_type
scores
0
value 0.01504
scoring_system epss
scoring_elements 0.81461
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4737
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4737
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4737
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470
reference_id 680470
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470
3
reference_url https://security.gentoo.org/glsa/201209-15
reference_id GLSA-201209-15
reference_type
scores
url https://security.gentoo.org/glsa/201209-15
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2012-4737
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sh84-ms1c-efff
152
url VCID-sktj-tzmw-u7dh
vulnerability_id VCID-sktj-tzmw-u7dh
summary Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-5358
reference_id
reference_type
scores
0
value 0.00689
scoring_system epss
scoring_elements 0.72099
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-5358
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5358
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5358
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.13~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.13~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.13~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-5358
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sktj-tzmw-u7dh
153
url VCID-sq5m-19b4-4uhq
vulnerability_id VCID-sq5m-19b4-4uhq
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43303
reference_id
reference_type
scores
0
value 0.00428
scoring_system epss
scoring_elements 0.62703
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43303
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id 1014998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
22
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
23
reference_url https://usn.ubuntu.com/8122-1/
reference_id USN-8122-1
reference_type
scores
url https://usn.ubuntu.com/8122-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.11.1~dfsg%2B~cs6.10.40431413-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.11.1~dfsg%2B~cs6.10.40431413-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.11.1~dfsg%252B~cs6.10.40431413-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2021-43303
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sq5m-19b4-4uhq
154
url VCID-srpf-1fvf-e7da
vulnerability_id VCID-srpf-1fvf-e7da
summary main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2686
reference_id
reference_type
scores
0
value 0.02448
scoring_system epss
scoring_elements 0.85441
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2686
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2686
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2686
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704114
reference_id 704114
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704114
3
reference_url https://security.gentoo.org/glsa/201401-15
reference_id GLSA-201401-15
reference_type
scores
url https://security.gentoo.org/glsa/201401-15
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2013-2686
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-srpf-1fvf-e7da
155
url VCID-ssr7-ursy-kbc3
vulnerability_id VCID-ssr7-ursy-kbc3
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-26712
reference_id
reference_type
scores
0
value 0.0327
scoring_system epss
scoring_elements 0.87379
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-26712
1
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2021-26712
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ssr7-ursy-kbc3
156
url VCID-sxxv-pt4p-pkgd
vulnerability_id VCID-sxxv-pt4p-pkgd
summary The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-8418
reference_id
reference_type
scores
0
value 0.01284
scoring_system epss
scoring_elements 0.7992
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-8418
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8418
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8418
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463
reference_id 771463
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463
3
reference_url https://security.gentoo.org/glsa/201412-51
reference_id GLSA-201412-51
reference_type
scores
url https://security.gentoo.org/glsa/201412-51
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-8418
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sxxv-pt4p-pkgd
157
url VCID-t3sm-dbsw-hkdf
vulnerability_id VCID-t3sm-dbsw-hkdf
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28327
reference_id
reference_type
scores
0
value 0.02764
scoring_system epss
scoring_elements 0.86269
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28327
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28327
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28327
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974712
reference_id 974712
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974712
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.15.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:16.15.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.15.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2020-28327
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t3sm-dbsw-hkdf
158
url VCID-t962-kkbp-vyeu
vulnerability_id VCID-t962-kkbp-vyeu
summary An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16672
reference_id
reference_type
scores
0
value 0.05269
scoring_system epss
scoring_elements 0.90138
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16672
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16672
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16672
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881256
reference_id 881256
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881256
3
reference_url https://security.gentoo.org/glsa/201811-11
reference_id GLSA-201811-11
reference_type
scores
url https://security.gentoo.org/glsa/201811-11
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.18.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.18.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.18.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2017-16672
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t962-kkbp-vyeu
159
url VCID-te7t-uxgc-93h7
vulnerability_id VCID-te7t-uxgc-93h7
summary The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-0685
reference_id
reference_type
scores
0
value 0.00101
scoring_system epss
scoring_elements 0.27543
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-0685
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0685
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0685
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.6.2.6-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.6.2.6-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.6-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2010-0685
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-te7t-uxgc-93h7
160
url VCID-tnky-hb2z-6bem
vulnerability_id VCID-tnky-hb2z-6bem
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-21723
reference_id
reference_type
scores
0
value 0.00468
scoring_system epss
scoring_elements 0.64796
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-21723
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896
reference_id 077b465c33f0aec05a49cd2ca456f9a1b112e896
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/
url https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id 1014998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
23
reference_url http://seclists.org/fulldisclosure/2022/Mar/2
reference_id 2
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/
url http://seclists.org/fulldisclosure/2022/Mar/2
24
reference_url http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html
reference_id Asterisk-Project-Security-Advisory-AST-2022-006.html
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/
url http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html
25
reference_url https://www.debian.org/security/2022/dsa-5285
reference_id dsa-5285
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/
url https://www.debian.org/security/2022/dsa-5285
26
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm
reference_id GHSA-7fw8-54cv-r7pm
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm
27
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/
url https://security.gentoo.org/glsa/202210-37
28
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
reference_id msg00021.html
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/
url https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
29
reference_url https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
reference_id msg00035.html
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/
url https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
30
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
31
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.10.1~dfsg%2B~cs6.10.40431411-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.10.1~dfsg%2B~cs6.10.40431411-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.10.1~dfsg%252B~cs6.10.40431411-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-21723
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tnky-hb2z-6bem
161
url VCID-u22x-qs7j-nyan
vulnerability_id VCID-u22x-qs7j-nyan
summary The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-2488
reference_id
reference_type
scores
0
value 0.03192
scoring_system epss
scoring_elements 0.87201
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-2488
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2488
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2488
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.5~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.5~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.5~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-2488
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u22x-qs7j-nyan
162
url VCID-u2qj-jv1z-aubs
vulnerability_id VCID-u2qj-jv1z-aubs
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-26651
reference_id
reference_type
scores
0
value 0.00559
scoring_system epss
scoring_elements 0.68531
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-26651
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.11.2~dfsg%2B~cs6.10.40431413-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.11.2~dfsg%2B~cs6.10.40431413-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.11.2~dfsg%252B~cs6.10.40431413-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-26651
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u2qj-jv1z-aubs
163
url VCID-u3hc-ww2b-rqde
vulnerability_id VCID-u3hc-ww2b-rqde
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-26499
reference_id
reference_type
scores
0
value 0.01115
scoring_system epss
scoring_elements 0.785
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-26499
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.11.2~dfsg%2B~cs6.10.40431413-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.11.2~dfsg%2B~cs6.10.40431413-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.11.2~dfsg%252B~cs6.10.40431413-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-26499
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u3hc-ww2b-rqde
164
url VCID-uk7c-kwvs-r3cw
vulnerability_id VCID-uk7c-kwvs-r3cw
summary buffer overflow
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-7100
reference_id
reference_type
scores
0
value 0.02551
scoring_system epss
scoring_elements 0.85736
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-7100
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7100
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7100
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732355
reference_id 732355
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732355
3
reference_url https://security.gentoo.org/glsa/201401-15
reference_id GLSA-201401-15
reference_type
scores
url https://security.gentoo.org/glsa/201401-15
fixed_packages
0
url pkg:deb/debian/asterisk@1:11.7.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:11.7.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.7.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2013-7100
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uk7c-kwvs-r3cw
165
url VCID-urjf-anyp-3qhv
vulnerability_id VCID-urjf-anyp-3qhv
summary A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16671
reference_id
reference_type
scores
0
value 0.03635
scoring_system epss
scoring_elements 0.88029
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16671
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16671
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16671
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881257
reference_id 881257
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881257
3
reference_url https://security.gentoo.org/glsa/201811-11
reference_id GLSA-201811-11
reference_type
scores
url https://security.gentoo.org/glsa/201811-11
4
reference_url https://usn.ubuntu.com/USN-4814-1/
reference_id USN-USN-4814-1
reference_type
scores
url https://usn.ubuntu.com/USN-4814-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.18.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.18.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.18.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2017-16671
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-urjf-anyp-3qhv
166
url VCID-utdf-kxfn-pka3
vulnerability_id VCID-utdf-kxfn-pka3
summary The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-6609
reference_id
reference_type
scores
0
value 0.00988
scoring_system epss
scoring_elements 0.77148
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-6609
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-6609
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-utdf-kxfn-pka3
167
url VCID-varg-6ch8-ebg1
vulnerability_id VCID-varg-6ch8-ebg1
summary asterisk allows calls on prohibited networks
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-3723
reference_id
reference_type
scores
0
value 0.00653
scoring_system epss
scoring_elements 0.71244
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-3723
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3723
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552756
reference_id 552756
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552756
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.6.2.0~rc3-2?distro=sid
purl pkg:deb/debian/asterisk@1:1.6.2.0~rc3-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.0~rc3-2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2009-3723
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-varg-6ch8-ebg1
168
url VCID-vpmy-6q1h-s3cv
vulnerability_id VCID-vpmy-6q1h-s3cv
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3008
reference_id
reference_type
scores
0
value 0.39025
scoring_system epss
scoring_elements 0.97342
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3008
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2316
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782411
reference_id 782411
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782411
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.7.2~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.7.2~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.7.2~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2015-3008
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vpmy-6q1h-s3cv
169
url VCID-vq1r-wndd-pkfj
vulnerability_id VCID-vq1r-wndd-pkfj
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24763
reference_id
reference_type
scores
0
value 0.01399
scoring_system epss
scoring_elements 0.80726
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24763
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
reference_id 1014976
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id 1014998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
23
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
url https://security.gentoo.org/glsa/202210-37
24
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%2B~cs6.12.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%2B~cs6.12.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-24763
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vq1r-wndd-pkfj
170
url VCID-w4rq-h2cf-tyd8
vulnerability_id VCID-w4rq-h2cf-tyd8
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-26717
reference_id
reference_type
scores
0
value 0.00421
scoring_system epss
scoring_elements 0.62292
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-26717
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26717
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26717
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983157
reference_id 983157
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983157
3
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.16.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:16.16.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.16.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2021-26717
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w4rq-h2cf-tyd8
171
url VCID-wbaw-ad2z-nkbk
vulnerability_id VCID-wbaw-ad2z-nkbk
summary asterisk: Format String Vulnerability in Logger and Manager (AST-2008-004)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1333.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1333.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-1333
reference_id
reference_type
scores
0
value 0.03255
scoring_system epss
scoring_elements 0.87353
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-1333
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1333
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1333
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=438130
reference_id 438130
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=438130
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.18.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.18.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.18.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2008-1333
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbaw-ad2z-nkbk
172
url VCID-wdan-ut8f-xfey
vulnerability_id VCID-wdan-ut8f-xfey
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-26906
reference_id
reference_type
scores
0
value 0.00811
scoring_system epss
scoring_elements 0.7453
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-26906
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26906
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26906
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983159
reference_id 983159
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983159
3
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.16.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:16.16.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.16.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2021-26906
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wdan-ut8f-xfey
173
url VCID-wg8m-nzyj-kkgz
vulnerability_id VCID-wg8m-nzyj-kkgz
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18790
reference_id
reference_type
scores
0
value 0.07372
scoring_system epss
scoring_elements 0.91833
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18790
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18790
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947381
reference_id 947381
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947381
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.10.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:16.10.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.10.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2019-18790
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wg8m-nzyj-kkgz
174
url VCID-whex-hbuj-97ge
vulnerability_id VCID-whex-hbuj-97ge
summary Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3812
reference_id
reference_type
scores
0
value 0.07186
scoring_system epss
scoring_elements 0.91712
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3812
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3812
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3812
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470
reference_id 680470
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470
3
reference_url https://security.gentoo.org/glsa/201209-15
reference_id GLSA-201209-15
reference_type
scores
url https://security.gentoo.org/glsa/201209-15
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2012-3812
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-whex-hbuj-97ge
175
url VCID-wph3-agzg-1yea
vulnerability_id VCID-wph3-agzg-1yea
summary Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-4346
reference_id
reference_type
scores
0
value 0.02329
scoring_system epss
scoring_elements 0.85085
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-4346
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4346
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4346
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385060
reference_id 385060
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385060
3
reference_url https://security.gentoo.org/glsa/200610-15
reference_id GLSA-200610-15
reference_type
scores
url https://security.gentoo.org/glsa/200610-15
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.2.11.dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.2.11.dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.11.dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2006-4346
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wph3-agzg-1yea
176
url VCID-wqkn-49r3-zyak
vulnerability_id VCID-wqkn-49r3-zyak
summary The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2264
reference_id
reference_type
scores
0
value 0.00171
scoring_system epss
scoring_elements 0.38085
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2264
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2264
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2264
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704114
reference_id 704114
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704114
3
reference_url https://security.gentoo.org/glsa/201401-15
reference_id GLSA-201401-15
reference_type
scores
url https://security.gentoo.org/glsa/201401-15
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2013-2264
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqkn-49r3-zyak
177
url VCID-wxe5-hd3w-ebay
vulnerability_id VCID-wxe5-hd3w-ebay
summary Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-5445
reference_id
reference_type
scores
0
value 0.10034
scoring_system epss
scoring_elements 0.9319
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-5445
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5445
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5445
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=395080
reference_id 395080
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=395080
3
reference_url https://security.gentoo.org/glsa/200610-15
reference_id GLSA-200610-15
reference_type
scores
url https://security.gentoo.org/glsa/200610-15
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.2.13~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.2.13~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.13~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2006-5445
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wxe5-hd3w-ebay
178
url VCID-wzbf-ag2n-8kbw
vulnerability_id VCID-wzbf-ag2n-8kbw
summary Asterisk: SIP responses expose valid usernames (AST-2009-008)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3727.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3727.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-3727
reference_id
reference_type
scores
0
value 0.0072
scoring_system epss
scoring_elements 0.72786
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-3727
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3727
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3727
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=533137
reference_id 533137
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=533137
4
reference_url https://security.gentoo.org/glsa/201006-20
reference_id GLSA-201006-20
reference_type
scores
url https://security.gentoo.org/glsa/201006-20
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.6.2.0~rc6-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.6.2.0~rc6-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.0~rc6-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2009-3727
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wzbf-ag2n-8kbw
179
url VCID-x142-tqyd-d3a2
vulnerability_id VCID-x142-tqyd-d3a2
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-15297
reference_id
reference_type
scores
0
value 0.01814
scoring_system epss
scoring_elements 0.83157
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-15297
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15297
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15297
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940060
reference_id 940060
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940060
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.10.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:16.10.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.10.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2019-15297
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x142-tqyd-d3a2
180
url VCID-x25w-m4wc-f3hx
vulnerability_id VCID-x25w-m4wc-f3hx
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35652
reference_id
reference_type
scores
0
value 0.00114
scoring_system epss
scoring_elements 0.29705
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35652
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35652
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979372
reference_id 979372
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979372
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.15.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:16.15.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.15.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2020-35652
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x25w-m4wc-f3hx
181
url VCID-x6pd-2arc-gqdq
vulnerability_id VCID-x6pd-2arc-gqdq
summary HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3389
reference_id
reference_type
scores
0
value 0.03832
scoring_system epss
scoring_elements 0.88348
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3389
2
reference_url https://curl.se/docs/CVE-2011-3389.html
reference_id
reference_type
scores
0
value High
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2011-3389.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=737506
reference_id 737506
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=737506
6
reference_url https://security.gentoo.org/glsa/201111-02
reference_id GLSA-201111-02
reference_type
scores
url https://security.gentoo.org/glsa/201111-02
7
reference_url https://security.gentoo.org/glsa/201203-02
reference_id GLSA-201203-02
reference_type
scores
url https://security.gentoo.org/glsa/201203-02
8
reference_url https://security.gentoo.org/glsa/201301-01
reference_id GLSA-201301-01
reference_type
scores
url https://security.gentoo.org/glsa/201301-01
9
reference_url https://security.gentoo.org/glsa/201406-32
reference_id GLSA-201406-32
reference_type
scores
url https://security.gentoo.org/glsa/201406-32
10
reference_url https://access.redhat.com/errata/RHSA-2011:1380
reference_id RHSA-2011:1380
reference_type
scores
url https://access.redhat.com/errata/RHSA-2011:1380
11
reference_url https://access.redhat.com/errata/RHSA-2011:1384
reference_id RHSA-2011:1384
reference_type
scores
url https://access.redhat.com/errata/RHSA-2011:1384
12
reference_url https://access.redhat.com/errata/RHSA-2012:0006
reference_id RHSA-2012:0006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0006
13
reference_url https://access.redhat.com/errata/RHSA-2012:0034
reference_id RHSA-2012:0034
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0034
14
reference_url https://access.redhat.com/errata/RHSA-2012:0343
reference_id RHSA-2012:0343
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0343
15
reference_url https://access.redhat.com/errata/RHSA-2012:0508
reference_id RHSA-2012:0508
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0508
16
reference_url https://access.redhat.com/errata/RHSA-2013:1455
reference_id RHSA-2013:1455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1455
17
reference_url https://usn.ubuntu.com/1263-1/
reference_id USN-1263-1
reference_type
scores
url https://usn.ubuntu.com/1263-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.7.2~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.7.2~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.7.2~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-3389
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x6pd-2arc-gqdq
182
url VCID-xv18-hdha-abf6
vulnerability_id VCID-xv18-hdha-abf6
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2232
reference_id
reference_type
scores
0
value 0.07852
scoring_system epss
scoring_elements 0.92118
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2232
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2316
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.7.2~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.7.2~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.7.2~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2016-2232
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xv18-hdha-abf6
183
url VCID-y2d6-pyca-8fh1
vulnerability_id VCID-y2d6-pyca-8fh1
summary Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debug_tools.conf file following bash semantics and it being loaded; an attacker with write permissions may add or modify the file such that when the root ast_coredumper is run; it would source and thereby execute arbitrary bash code found in the /etc/asterisk/ast_debug_tools.conf. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23741
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12698
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23741
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23741
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23741
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
reference_id 1127438
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
3
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3
reference_id GHSA-rvch-3jmx-3jf3
reference_type
scores
0
value 0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:22:49Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u9?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u9?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u9%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2026-23741
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y2d6-pyca-8fh1
184
url VCID-y4c5-z7zt-yuaf
vulnerability_id VCID-y4c5-z7zt-yuaf
summary manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1599
reference_id
reference_type
scores
0
value 0.00338
scoring_system epss
scoring_elements 0.56843
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1599
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1599
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1599
2
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-1599
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y4c5-z7zt-yuaf
185
url VCID-y5gf-ck7b-w3dw
vulnerability_id VCID-y5gf-ck7b-w3dw
summary A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7285
reference_id
reference_type
scores
0
value 0.00536
scoring_system epss
scoring_elements 0.67751
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7285
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2018-7285
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y5gf-ck7b-w3dw
186
url VCID-y93m-uy8a-zbcg
vulnerability_id VCID-y93m-uy8a-zbcg
summary Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1558
reference_id
reference_type
scores
0
value 0.15669
scoring_system epss
scoring_elements 0.94813
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1558
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1558
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1558
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780601
reference_id 780601
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780601
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.1.0~dfsg-1.1?distro=sid
purl pkg:deb/debian/asterisk@1:13.1.0~dfsg-1.1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1.1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2015-1558
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y93m-uy8a-zbcg
187
url VCID-yfkn-8m2a-nqg2
vulnerability_id VCID-yfkn-8m2a-nqg2
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32558
reference_id
reference_type
scores
0
value 0.02875
scoring_system epss
scoring_elements 0.86522
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32558
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991710
reference_id 991710
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991710
4
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.16.1~dfsg-1%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.16.1~dfsg-1%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.16.1~dfsg-1%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.16.1~dfsg-2?distro=sid
purl pkg:deb/debian/asterisk@1:16.16.1~dfsg-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.16.1~dfsg-2%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2021-32558
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yfkn-8m2a-nqg2
188
url VCID-yp4v-q2dc-qbca
vulnerability_id VCID-yp4v-q2dc-qbca
summary Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0495
reference_id
reference_type
scores
0
value 0.00573
scoring_system epss
scoring_elements 0.69024
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0495
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0495
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0495
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610487
reference_id 610487
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610487
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.6.2.9-2%2Bsqueeze1?distro=sid
purl pkg:deb/debian/asterisk@1:1.6.2.9-2%2Bsqueeze1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.9-2%252Bsqueeze1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-0495
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yp4v-q2dc-qbca
189
url VCID-yuh9-m3ye-sfg7
vulnerability_id VCID-yuh9-m3ye-sfg7
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31031
reference_id
reference_type
scores
0
value 0.00721
scoring_system epss
scoring_elements 0.72809
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31031
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017004
reference_id 1017004
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017004
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017005
reference_id 1017005
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017005
11
reference_url https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202
reference_id 450baca94f475345542c6953832650c390889202
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/
url https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202
12
reference_url https://www.debian.org/security/2023/dsa-5358
reference_id dsa-5358
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/
url https://www.debian.org/security/2023/dsa-5358
13
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
reference_id GHSA-26j7-ww69-c4qj
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
14
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/
url https://security.gentoo.org/glsa/202210-37
15
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
reference_id msg00029.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
16
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
17
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.0.1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-31031
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuh9-m3ye-sfg7
190
url VCID-yy9w-2fwe-jfd8
vulnerability_id VCID-yy9w-2fwe-jfd8
summary several
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-5641
reference_id
reference_type
scores
0
value 0.04098
scoring_system epss
scoring_elements 0.88772
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-5641
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5641
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5642
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5642
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721220
reference_id 721220
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721220
4
reference_url https://security.gentoo.org/glsa/201401-15
reference_id GLSA-201401-15
reference_type
scores
url https://security.gentoo.org/glsa/201401-15
fixed_packages
0
url pkg:deb/debian/asterisk@1:11.5.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:11.5.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.5.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2013-5641
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yy9w-2fwe-jfd8
191
url VCID-yycn-x9w8-wkhc
vulnerability_id VCID-yycn-x9w8-wkhc
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19278
reference_id
reference_type
scores
0
value 0.03169
scoring_system epss
scoring_elements 0.87153
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19278
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2018-19278
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yycn-x9w8-wkhc
192
url VCID-yzr5-f8ep-zqe2
vulnerability_id VCID-yzr5-f8ep-zqe2
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23608
reference_id
reference_type
scores
0
value 0.00784
scoring_system epss
scoring_elements 0.74063
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23608
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
21
reference_url http://seclists.org/fulldisclosure/2022/Mar/1
reference_id 1
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/
url http://seclists.org/fulldisclosure/2022/Mar/1
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id 1014998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
23
reference_url http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html
reference_id Asterisk-Project-Security-Advisory-AST-2022-005.html
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/
url http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html
24
reference_url https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f
reference_id db3235953baa56d2fb0e276ca510fefca751643f
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/
url https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f
25
reference_url https://www.debian.org/security/2022/dsa-5285
reference_id dsa-5285
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/
url https://www.debian.org/security/2022/dsa-5285
26
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62
reference_id GHSA-ffff-m5fm-qm62
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62
27
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/
url https://security.gentoo.org/glsa/202210-37
28
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
reference_id msg00021.html
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/
url https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
29
reference_url https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
reference_id msg00035.html
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/
url https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
30
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
31
reference_url https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html
reference_id msg00040.html
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/
url https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html
32
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:18.10.1~dfsg%2B~cs6.10.40431411-1?distro=sid
purl pkg:deb/debian/asterisk@1:18.10.1~dfsg%2B~cs6.10.40431411-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.10.1~dfsg%252B~cs6.10.40431411-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-23608
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yzr5-f8ep-zqe2
193
url VCID-z4g1-1f71-g3dy
vulnerability_id VCID-z4g1-1f71-g3dy
summary Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-5976
reference_id
reference_type
scores
0
value 0.29742
scoring_system epss
scoring_elements 0.96714
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-5976
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5976
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5976
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697230
reference_id 697230
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697230
3
reference_url https://security.gentoo.org/glsa/201401-15
reference_id GLSA-201401-15
reference_type
scores
url https://security.gentoo.org/glsa/201401-15
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2012-5976
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z4g1-1f71-g3dy
194
url VCID-z7b5-c8qs-tygn
vulnerability_id VCID-z7b5-c8qs-tygn
summary Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-8415
reference_id
reference_type
scores
0
value 0.0113
scoring_system epss
scoring_elements 0.78623
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-8415
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8415
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8415
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-8415
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z7b5-c8qs-tygn
195
url VCID-z7x2-p7cn-t3h5
vulnerability_id VCID-z7x2-p7cn-t3h5
summary asterisk: Unauthenticated calls allowed from SIP channel driver (AST-2008-003)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1332.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1332.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-1332
reference_id
reference_type
scores
0
value 0.01213
scoring_system epss
scoring_elements 0.79299
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-1332
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1332
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1332
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=438129
reference_id 438129
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=438129
4
reference_url https://security.gentoo.org/glsa/200804-13
reference_id GLSA-200804-13
reference_type
scores
url https://security.gentoo.org/glsa/200804-13
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.18.1~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.18.1~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.18.1~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2008-1332
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z7x2-p7cn-t3h5
196
url VCID-zctx-7u3f-zuhd
vulnerability_id VCID-zctx-7u3f-zuhd
summary main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-1224
reference_id
reference_type
scores
0
value 0.01
scoring_system epss
scoring_elements 0.77291
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-1224
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1224
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1224
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576560
reference_id 576560
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576560
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.6.2.6-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.6.2.6-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.6-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2010-1224
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zctx-7u3f-zuhd
197
url VCID-ze9e-6eex-xuer
vulnerability_id VCID-ze9e-6eex-xuer
summary Asterisk: Remote DoS via specially-crafted FaxMaxDatagram SDP packets (AST-2010-001)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0441.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0441.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-0441
reference_id
reference_type
scores
0
value 0.03526
scoring_system epss
scoring_elements 0.87852
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-0441
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0441
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0441
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=561332
reference_id 561332
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=561332
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.6.2.2-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.6.2.2-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.2-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2010-0441
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ze9e-6eex-xuer
198
url VCID-zm66-9m5e-2bem
vulnerability_id VCID-zm66-9m5e-2bem
summary chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3553
reference_id
reference_type
scores
0
value 0.00069
scoring_system epss
scoring_elements 0.21271
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3553
fixed_packages
0
url pkg:deb/debian/asterisk@0?distro=sid
purl pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2012-3553
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zm66-9m5e-2bem
199
url VCID-zr5f-baa7-h3h1
vulnerability_id VCID-zr5f-baa7-h3h1
summary The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-3763
reference_id
reference_type
scores
0
value 0.25182
scoring_system epss
scoring_elements 0.96282
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-3763
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3763
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3763
2
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/4249.rb
reference_id CVE-2007-3763
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/4249.rb
3
reference_url https://security.gentoo.org/glsa/200802-11
reference_id GLSA-200802-11
reference_type
scores
url https://security.gentoo.org/glsa/200802-11
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.8~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.8~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.8~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-3763
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zr5f-baa7-h3h1
200
url VCID-zrcm-vdc5-bffj
vulnerability_id VCID-zrcm-vdc5-bffj
summary The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-8413
reference_id
reference_type
scores
0
value 0.00302
scoring_system epss
scoring_elements 0.5377
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-8413
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8413
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8413
fixed_packages
0
url pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2014-8413
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zrcm-vdc5-bffj
201
url VCID-zta3-e3f4-2qau
vulnerability_id VCID-zta3-e3f4-2qau
summary The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-4103
reference_id
reference_type
scores
0
value 0.02623
scoring_system epss
scoring_elements 0.85918
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-4103
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4103
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4103
2
reference_url https://security.gentoo.org/glsa/200802-11
reference_id GLSA-200802-11
reference_type
scores
url https://security.gentoo.org/glsa/200802-11
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.4.9~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.4.9~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.9~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2007-4103
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zta3-e3f4-2qau
202
url VCID-zvqd-1d24-jqa6
vulnerability_id VCID-zvqd-1d24-jqa6
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38703
reference_id
reference_type
scores
0
value 0.0028
scoring_system epss
scoring_elements 0.51629
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38703
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303
reference_id 1059303
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059307
reference_id 1059307
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059307
7
reference_url https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d
reference_id 6dc9b8c181aff39845f02b4626e0812820d4ef0d
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/
url https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d
8
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66
reference_id GHSA-f76w-fh7c-pc66
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66
9
reference_url https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
reference_id msg00019.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/
url https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:20.8.1~dfsg%2B~cs6.14.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.8.1~dfsg%2B~cs6.14.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.8.1~dfsg%252B~cs6.14.40431414-1%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2023-38703
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zvqd-1d24-jqa6
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid