{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","type":"deb","namespace":"debian","name":"asterisk","version":"1:16.28.0~dfsg-0+deb11u3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1:22.9.0+dfsg+~cs6.16.60671434-1","latest_non_vulnerable_version":"1:22.9.0+dfsg+~cs6.16.60671434-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64676?format=json","vulnerability_id":"VCID-1qxc-4xk5-2feu","summary":"Asterisk: Asterisk: Arbitrary code execution and file overwrite as root via insecure ast_coredumper file handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23740.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23740.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23740","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.025","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02516","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02512","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02514","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02517","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02538","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02504","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02503","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0367","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03726","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03702","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03531","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0368","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03676","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03544","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23740"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438","reference_id":"1127438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437723","reference_id":"2437723","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437723"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c","reference_id":"GHSA-xpc6-x892-v83c","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-06T19:11:52Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2026-23740"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qxc-4xk5-2feu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96720?format=json","vulnerability_id":"VCID-2qjc-yspn-xydj","summary":"Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47780","reference_id":"","reference_type":"","scores":[{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63816","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63859","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63834","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63846","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63845","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68847","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.6877","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68859","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68869","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68818","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.6879","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68768","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.6882","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68839","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68862","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47780"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530","reference_id":"1106530","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2","reference_id":"GHSA-c7p6-7mvq-8jq2","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:24:44Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2025-47780"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qjc-yspn-xydj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56274?format=json","vulnerability_id":"VCID-43ff-97jw-hkce","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1131","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14083","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13943","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14025","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14078","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13986","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13936","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1384","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13834","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14137","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15923","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16034","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15928","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15888","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15766","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15876","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1131"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp","reference_id":"GHSA-v9q8-9j8m-5xwp","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/V:C/RE:H/U:Amber"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-24T03:55:15Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp"},{"reference_url":"https://security.gentoo.org/glsa/202601-04","reference_id":"GLSA-202601-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202601-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2025-1131"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-43ff-97jw-hkce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42496?format=json","vulnerability_id":"VCID-55vv-7jsj-xqeh","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49294","reference_id":"","reference_type":"","scores":[{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.94971","published_at":"2026-04-02T12:55:00Z"},{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.94973","published_at":"2026-04-04T12:55:00Z"},{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.94976","published_at":"2026-04-07T12:55:00Z"},{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.94985","published_at":"2026-04-08T12:55:00Z"},{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.94988","published_at":"2026-04-09T12:55:00Z"},{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.94993","published_at":"2026-04-11T12:55:00Z"},{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.94995","published_at":"2026-04-12T12:55:00Z"},{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.94997","published_at":"2026-04-13T12:55:00Z"},{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.95006","published_at":"2026-04-16T12:55:00Z"},{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.9501","published_at":"2026-04-18T12:55:00Z"},{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.95013","published_at":"2026-04-29T12:55:00Z"},{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.95012","published_at":"2026-04-26T12:55:00Z"},{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.95023","published_at":"2026-05-05T12:55:00Z"},{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.95029","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032","reference_id":"1059032","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585942?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-r54j-ydjm-4uca"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4"}],"aliases":["CVE-2023-49294"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-55vv-7jsj-xqeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96800?format=json","vulnerability_id":"VCID-63fe-saga-13ct","summary":"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54995","reference_id":"","reference_type":"","scores":[{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76876","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76981","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76968","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76961","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76927","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76935","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.7693","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76889","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76894","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76914","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76886","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76862","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76844","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77363","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77993","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78022","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54995","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54995"},{"reference_url":"https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9","reference_id":"0278f5bde14565c6838a6ec39bc21aee0cde56a9","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9"},{"reference_url":"https://github.com/asterisk/asterisk/pull/1405","reference_id":"1405","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/pull/1405"},{"reference_url":"https://github.com/asterisk/asterisk/pull/1406","reference_id":"1406","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/pull/1406"},{"reference_url":"https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d","reference_id":"eafcd7a451dcd007dddf324ac37dd55a4808338d","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2","reference_id":"GHSA-557q-795j-wfx2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2025-54995"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63fe-saga-13ct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64677?format=json","vulnerability_id":"VCID-8kjy-xtm2-bqan","summary":"Asterisk: Asterisk: Local file disclosure via unsafe XML parsing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23739.json","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23739.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23739","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14927","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14875","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15004","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14808","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14898","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14948","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14913","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14816","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17068","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17156","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17345","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17353","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17269","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17208","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17385","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17292","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23739"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438","reference_id":"1127438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437909","reference_id":"2437909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437909"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42","reference_id":"GHSA-85x7-54wr-vh42","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:36:34Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2026-23739"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8kjy-xtm2-bqan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96182?format=json","vulnerability_id":"VCID-9u4p-wdky-a3h1","summary":"Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42365","reference_id":"","reference_type":"","scores":[{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96796","published_at":"2026-04-04T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96842","published_at":"2026-05-07T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96838","published_at":"2026-05-05T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.9683","published_at":"2026-04-29T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96827","published_at":"2026-04-26T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96825","published_at":"2026-04-24T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96822","published_at":"2026-04-18T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96819","published_at":"2026-04-16T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96812","published_at":"2026-04-13T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.9681","published_at":"2026-04-09T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96809","published_at":"2026-04-08T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96801","published_at":"2026-04-07T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96795","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574","reference_id":"1078574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574"},{"reference_url":"https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4","reference_id":"42a2f4ccfa2c7062a15063e765916b3332e34cc4","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4"},{"reference_url":"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8","reference_id":"7a0090325bfa9d778a39ae5f7d0a98109e4651c8","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8"},{"reference_url":"https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71","reference_id":"b4063bf756272254b160b6d1bd6e9a3f8e16cc71","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71"},{"reference_url":"https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993","reference_id":"bbe68db10ab8a80c29db383e4dfe14f6eafaf993","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993"},{"reference_url":"https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2","reference_id":"faddd99f2b9408b524e5eb8a01589fe1fa282df2","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44","reference_id":"GHSA-c4cg-9275-6w44","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44"},{"reference_url":"https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426","reference_id":"manager.c#L6426","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426"},{"reference_url":"https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426","reference_id":"manager.c#L6426","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2024-42365"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u4p-wdky-a3h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42497?format=json","vulnerability_id":"VCID-bk8r-brkr-bqc6","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49786","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26846","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2674","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26791","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26794","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26749","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26693","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.267","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26631","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26575","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26567","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26494","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2636","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2643","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26886","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26672","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033","reference_id":"1059033","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Dec/24","reference_id":"24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Dec/24"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/15/7","reference_id":"7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/15/7"},{"reference_url":"http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html","reference_id":"Asterisk-20.1.0-Denial-Of-Service.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"},{"reference_url":"https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05","reference_id":"d7d7764cb07c8a1872804321302ef93bf62cba05","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"},{"reference_url":"https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race","reference_id":"ES2023-01-asterisk-dtls-hello-race","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq","reference_id":"GHSA-hxj9-xwr8-w8pq","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html","reference_id":"msg00019.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585942?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-r54j-ydjm-4uca"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4"}],"aliases":["CVE-2023-49786"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bk8r-brkr-bqc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42495?format=json","vulnerability_id":"VCID-bknu-abgc-bugw","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37457","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22375","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2242","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22208","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2229","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22345","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22365","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22324","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22265","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22269","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22263","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22215","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22065","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22053","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22039","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.21943","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22017","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303","reference_id":"1059303","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585942?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-r54j-ydjm-4uca"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4"}],"aliases":["CVE-2023-37457"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bknu-abgc-bugw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96268?format=json","vulnerability_id":"VCID-gy3u-c6dc-sbbn","summary":"An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53566","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15466","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15396","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15391","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15594","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15662","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15548","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15603","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15567","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1553","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20697","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20764","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.2076","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20727","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20623","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566"},{"reference_url":"https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616","reference_id":"e7c0f44ffb38c00320aa1a6d98bee616","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/"}],"url":"https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616"},{"reference_url":"https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556","reference_id":"manager.c#L2556","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/"}],"url":"https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2024-53566"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gy3u-c6dc-sbbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97012?format=json","vulnerability_id":"VCID-phb4-xaj7-byg2","summary":"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debug_tools.conf file following bash semantics and it being loaded; an attacker with write permissions may add or modify the file such that when the root ast_coredumper is run; it would source and thereby execute arbitrary bash code found in the /etc/asterisk/ast_debug_tools.conf. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23741","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1028","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10347","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10245","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10319","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10412","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10373","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10351","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12199","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12251","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12246","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1231","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12115","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12244","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1235","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12343","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23741"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438","reference_id":"1127438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3","reference_id":"GHSA-rvch-3jmx-3jf3","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:22:49Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2026-23741"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phb4-xaj7-byg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95660?format=json","vulnerability_id":"VCID-pmte-bc34-pfcv","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38703","reference_id":"","reference_type":"","scores":[{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51371","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51481","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51459","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51417","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51378","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51321","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51384","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51411","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.5137","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51424","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51422","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51465","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51444","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51431","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51473","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303","reference_id":"1059303","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059307","reference_id":"1059307","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059307"},{"reference_url":"https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d","reference_id":"6dc9b8c181aff39845f02b4626e0812820d4ef0d","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/"}],"url":"https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66","reference_id":"GHSA-f76w-fh7c-pc66","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html","reference_id":"msg00019.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585942?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-r54j-ydjm-4uca"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4"}],"aliases":["CVE-2023-38703"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmte-bc34-pfcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96183?format=json","vulnerability_id":"VCID-qcqe-63ev-f7gv","summary":"Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42491","reference_id":"","reference_type":"","scores":[{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72535","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72564","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76513","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76484","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76496","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76528","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76539","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76565","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76545","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.7658","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76584","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76572","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76604","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76609","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76622","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491"},{"reference_url":"https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4","reference_id":"42a2f4ccfa2c7062a15063e765916b3332e34cc4","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4"},{"reference_url":"https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742","reference_id":"4f01669c7c41c9184f3cce9a3cf1b2ebf6201742","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742"},{"reference_url":"https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2","reference_id":"50bf8d4d3064930d28ecf1ce3397b14574d514d2","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2"},{"reference_url":"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8","reference_id":"7a0090325bfa9d778a39ae5f7d0a98109e4651c8","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8"},{"reference_url":"https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0","reference_id":"a15050650abf09c10a3c135fab148220cd41d3a0","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9","reference_id":"GHSA-v428-g3cw-7hv9","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2024-42491"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qcqe-63ev-f7gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96719?format=json","vulnerability_id":"VCID-u91b-9huy-43hn","summary":"Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47779","reference_id":"","reference_type":"","scores":[{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51265","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51308","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51269","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51215","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51279","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51304","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51264","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51319","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51316","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51338","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51324","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51367","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51374","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51354","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51301","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528","reference_id":"1106528","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw","reference_id":"GHSA-2grh-7mhv-fcfw","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw"},{"reference_url":"https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample","reference_id":"pjsip.conf.sample","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/"}],"url":"https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2025-47779"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u91b-9huy-43hn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97011?format=json","vulnerability_id":"VCID-ytty-tbs1-ffc7","summary":"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. The endpoint at GET /httpstatus is the potential vulnerable endpoint relating to asterisk/main /http.c. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23738","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13683","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13745","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13546","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13627","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13678","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13648","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13611","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13564","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15853","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1584","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15817","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15888","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15729","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15831","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15877","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15893","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23738"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438","reference_id":"1127438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh","reference_id":"GHSA-v6hp-wh3r-cwxh","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:43:40Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2026-23738"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ytty-tbs1-ffc7"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94092?format=json","vulnerability_id":"VCID-32hs-eqw2-1kf2","summary":"An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.","references":[{"reference_url":"http://downloads.asterisk.org/pub/security/AST-2019-006.html","reference_id":"","reference_type":"","scores":[],"url":"http://downloads.asterisk.org/pub/security/AST-2019-006.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18790","reference_id":"","reference_type":"","scores":[{"value":"0.07418","scoring_system":"epss","scoring_elements":"0.91786","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07418","scoring_system":"epss","scoring_elements":"0.91775","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07418","scoring_system":"epss","scoring_elements":"0.91705","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07418","scoring_system":"epss","scoring_elements":"0.91713","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07418","scoring_system":"epss","scoring_elements":"0.91718","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07418","scoring_system":"epss","scoring_elements":"0.91726","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07418","scoring_system":"epss","scoring_elements":"0.91738","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07418","scoring_system":"epss","scoring_elements":"0.91745","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07418","scoring_system":"epss","scoring_elements":"0.91748","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07418","scoring_system":"epss","scoring_elements":"0.91751","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07418","scoring_system":"epss","scoring_elements":"0.91746","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07418","scoring_system":"epss","scoring_elements":"0.91767","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07418","scoring_system":"epss","scoring_elements":"0.91759","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07418","scoring_system":"epss","scoring_elements":"0.91761","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07418","scoring_system":"epss","scoring_elements":"0.91766","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07418","scoring_system":"epss","scoring_elements":"0.91764","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18790"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"},{"reference_url":"https://www.asterisk.org/downloads/security-advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.asterisk.org/downloads/security-advisories"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947381","reference_id":"947381","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947381"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18790","reference_id":"CVE-2019-18790","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18790"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2019-18790"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-32hs-eqw2-1kf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95092?format=json","vulnerability_id":"VCID-34fv-tv5a-tkgw","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23537","reference_id":"","reference_type":"","scores":[{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58915","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58938","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58904","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58956","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58962","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58981","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58963","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58944","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58978","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58982","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58961","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60436","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60428","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60443","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.6043","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60389","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092","reference_id":"1032092","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092"},{"reference_url":"https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1","reference_id":"d8440f4d711a654b511f50f79c0445b26f9dd1e1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/"}],"url":"https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w","reference_id":"GHSA-9pfh-r8x4-w26w","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-23537"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-34fv-tv5a-tkgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31365?format=json","vulnerability_id":"VCID-48pt-6j6q-jbcn","summary":"Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23608","reference_id":"","reference_type":"","scores":[{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73836","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73842","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73833","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73799","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73809","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73801","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73759","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73786","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73768","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.73862","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00786","scoring_system":"epss","scoring_elements":"0.73772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00786","scoring_system":"epss","scoring_elements":"0.73796","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00786","scoring_system":"epss","scoring_elements":"0.73766","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00786","scoring_system":"epss","scoring_elements":"0.73801","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00786","scoring_system":"epss","scoring_elements":"0.73814","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Mar/1","reference_id":"1","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Mar/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html","reference_id":"Asterisk-Project-Security-Advisory-AST-2022-005.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html"},{"reference_url":"https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f","reference_id":"db3235953baa56d2fb0e276ca510fefca751643f","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62","reference_id":"GHSA-ffff-m5fm-qm62","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html","reference_id":"msg00040.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-23608"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-48pt-6j6q-jbcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94090?format=json","vulnerability_id":"VCID-5yue-52xt-ryhw","summary":"An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.","references":[{"reference_url":"http://downloads.asterisk.org/pub/security/AST-2019-007.html","reference_id":"","reference_type":"","scores":[],"url":"http://downloads.asterisk.org/pub/security/AST-2019-007.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18610","reference_id":"","reference_type":"","scores":[{"value":"0.41891","scoring_system":"epss","scoring_elements":"0.9745","published_at":"2026-05-07T12:55:00Z"},{"value":"0.41891","scoring_system":"epss","scoring_elements":"0.97447","published_at":"2026-05-05T12:55:00Z"},{"value":"0.41891","scoring_system":"epss","scoring_elements":"0.97401","published_at":"2026-04-01T12:55:00Z"},{"value":"0.41891","scoring_system":"epss","scoring_elements":"0.97408","published_at":"2026-04-02T12:55:00Z"},{"value":"0.41891","scoring_system":"epss","scoring_elements":"0.97412","published_at":"2026-04-04T12:55:00Z"},{"value":"0.41891","scoring_system":"epss","scoring_elements":"0.97415","published_at":"2026-04-07T12:55:00Z"},{"value":"0.41891","scoring_system":"epss","scoring_elements":"0.97421","published_at":"2026-04-08T12:55:00Z"},{"value":"0.41891","scoring_system":"epss","scoring_elements":"0.97423","published_at":"2026-04-09T12:55:00Z"},{"value":"0.41891","scoring_system":"epss","scoring_elements":"0.97425","published_at":"2026-04-11T12:55:00Z"},{"value":"0.41891","scoring_system":"epss","scoring_elements":"0.97427","published_at":"2026-04-13T12:55:00Z"},{"value":"0.41891","scoring_system":"epss","scoring_elements":"0.97435","published_at":"2026-04-16T12:55:00Z"},{"value":"0.41891","scoring_system":"epss","scoring_elements":"0.9744","published_at":"2026-04-18T12:55:00Z"},{"value":"0.41891","scoring_system":"epss","scoring_elements":"0.97439","published_at":"2026-04-24T12:55:00Z"},{"value":"0.41891","scoring_system":"epss","scoring_elements":"0.97441","published_at":"2026-04-26T12:55:00Z"},{"value":"0.41891","scoring_system":"epss","scoring_elements":"0.97443","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18610"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00038.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00001.html"},{"reference_url":"https://www.asterisk.org/downloads/security-advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.asterisk.org/downloads/security-advisories"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947377","reference_id":"947377","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947377"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:cert1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:cert2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:cert3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:cert4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:13.21.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18610","reference_id":"CVE-2019-18610","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:C/I:C/A:C"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18610"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2019-18610"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5yue-52xt-ryhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42485?format=json","vulnerability_id":"VCID-6rhm-xrwe-x7af","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26717","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61896","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61969","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62001","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.6197","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.6202","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62036","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62057","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62046","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62025","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62073","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62055","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62052","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62069","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62062","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62008","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62058","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26717"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26717","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26717"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983157","reference_id":"983157","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983157"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-26717"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6rhm-xrwe-x7af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42489?format=json","vulnerability_id":"VCID-7kus-4n4f-myd1","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26498","reference_id":"","reference_type":"","scores":[{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53919","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61596","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61567","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61615","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61629","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.6165","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61639","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61619","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61661","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61666","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61651","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61644","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68302","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68306","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.6902","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69062","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-26498"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kus-4n4f-myd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31358?format=json","vulnerability_id":"VCID-7m8s-6ydk-gbgr","summary":"Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37706","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47523","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47648","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.4764","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47593","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47585","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47594","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47542","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47457","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48294","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48285","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48309","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48283","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48234","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.4829","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48607","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48566","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/6422-2/","reference_id":"USN-6422-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-2/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-37706"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7m8s-6ydk-gbgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42490?format=json","vulnerability_id":"VCID-8pdp-epea-juhj","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26499","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58287","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65447","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.6541","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65474","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65493","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65479","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65489","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.655","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65484","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65501","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.71112","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.71117","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.71098","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.71137","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-26499"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8pdp-epea-juhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31363?format=json","vulnerability_id":"VCID-8sys-3sj7-c3h6","summary":"Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21722","reference_id":"","reference_type":"","scores":[{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64147","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64175","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64135","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64185","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64201","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64215","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64204","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.6421","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64222","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.6423","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64243","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64214","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64258","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a","reference_id":"22af44e68a0c7d190ac1e25075e1382f77e9397a","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36","reference_id":"GHSA-m66q-q64c-hv36","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-21722"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8sys-3sj7-c3h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94955?format=json","vulnerability_id":"VCID-8yav-jpp1-rfbe","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43299","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51026","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51019","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.509","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50848","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50921","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.5096","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50952","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51004","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55471","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55583","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59396","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59414","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.5943","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59412","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59397","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59346","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.5938","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-43299"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8yav-jpp1-rfbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94044?format=json","vulnerability_id":"VCID-917e-7kp2-y3hw","summary":"res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.","references":[{"reference_url":"http://downloads.asterisk.org/pub/security/AST-2019-004.html","reference_id":"","reference_type":"","scores":[],"url":"http://downloads.asterisk.org/pub/security/AST-2019-004.html"},{"reference_url":"http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html"},{"reference_url":"http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15297","reference_id":"","reference_type":"","scores":[{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.8296","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.8294","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82779","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82795","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82809","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82804","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.8283","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82836","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82852","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82847","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82843","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82882","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82881","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82883","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82905","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82914","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82919","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15297"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Mar/5","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2021/Mar/5"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940060","reference_id":"940060","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940060"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15297","reference_id":"CVE-2019-15297","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15297"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2019-15297"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-917e-7kp2-y3hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31374?format=json","vulnerability_id":"VCID-9at6-bgzv-gue3","summary":"Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39269","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44229","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44232","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.4415","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44029","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44106","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44545","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44515","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44516","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44513","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44563","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44494","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44572","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44535","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44472","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44523","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44529","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092","reference_id":"1032092","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-39269"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9at6-bgzv-gue3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31362?format=json","vulnerability_id":"VCID-9f9j-z7y7-sffy","summary":"Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43845","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51925","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51973","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51999","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51965","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52019","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52018","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.5207","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52052","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52036","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52076","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52082","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52063","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.5201","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52016","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51978","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51926","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51977","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-43845"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9f9j-z7y7-sffy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47565?format=json","vulnerability_id":"VCID-ap3n-99gn-aucs","summary":"A vulnerability has been discovered in PJSIP, which could lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27585","reference_id":"","reference_type":"","scores":[{"value":"0.00446","scoring_system":"epss","scoring_elements":"0.6349","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00446","scoring_system":"epss","scoring_elements":"0.63523","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00446","scoring_system":"epss","scoring_elements":"0.63509","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65838","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.6575","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65716","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.6577","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.6578","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65801","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65787","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65757","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65792","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65806","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65816","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65791","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.6572","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27585"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036697","reference_id":"1036697","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036697"},{"reference_url":"https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5","reference_id":"d1c5e4da5bae7f220bc30719888bb389c905c0c5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5"},{"reference_url":"https://www.debian.org/security/2023/dsa-5438","reference_id":"dsa-5438","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://www.debian.org/security/2023/dsa-5438"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4","reference_id":"GHSA-p6g5-v97c-w5q4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr","reference_id":"GHSA-q9cp-8wcq-7pfr","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr"},{"reference_url":"https://security.gentoo.org/glsa/202409-05","reference_id":"GLSA-202409-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-05"},{"reference_url":"https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm","reference_id":"group__PJ__DNS__RESOLVER.htm","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html","reference_id":"msg00020.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/6422-2/","reference_id":"USN-6422-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2023-27585"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ap3n-99gn-aucs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42494?format=json","vulnerability_id":"VCID-b4z5-5hbq-5ka8","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42706","reference_id":"","reference_type":"","scores":[{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74329","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74264","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74298","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74307","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74306","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.743","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74181","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74208","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74214","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74228","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.7425","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74231","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74224","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74262","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74272","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://downloads.asterisk.org/pub/security/AST-2022-009.html","reference_id":"AST-2022-009.html","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/"}],"url":"https://downloads.asterisk.org/pub/security/AST-2022-009.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5358","reference_id":"dsa-5358","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/"}],"url":"https://www.debian.org/security/2023/dsa-5358"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-42706"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4z5-5hbq-5ka8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94957?format=json","vulnerability_id":"VCID-byqv-c5jp-6ybg","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43301","reference_id":"","reference_type":"","scores":[{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61133","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61127","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61108","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61058","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.6111","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61117","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61105","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61116","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65068","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65118","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68238","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68272","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68284","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68259","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68244","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68193","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68217","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-43301"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-byqv-c5jp-6ybg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42492?format=json","vulnerability_id":"VCID-cupt-538a-z3fp","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37325","reference_id":"","reference_type":"","scores":[{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71688","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.7161","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.7166","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71664","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71669","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71654","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71549","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71567","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.7154","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.7158","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.7159","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71613","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71598","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71579","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71624","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71629","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://downloads.asterisk.org/pub/security/AST-2022-007.html","reference_id":"AST-2022-007.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/"}],"url":"https://downloads.asterisk.org/pub/security/AST-2022-007.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5358","reference_id":"dsa-5358","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/"}],"url":"https://www.debian.org/security/2023/dsa-5358"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-37325"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cupt-538a-z3fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31364?format=json","vulnerability_id":"VCID-ddpb-zwva-rfc5","summary":"Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21723","reference_id":"","reference_type":"","scores":[{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64457","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64488","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64446","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64495","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64511","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64526","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64515","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64487","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64521","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64533","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64525","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64545","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64557","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64531","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64578","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896","reference_id":"077b465c33f0aec05a49cd2ca456f9a1b112e896","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Mar/2","reference_id":"2","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Mar/2"},{"reference_url":"http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html","reference_id":"Asterisk-Project-Security-Advisory-AST-2022-006.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm","reference_id":"GHSA-7fw8-54cv-r7pm","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-21723"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddpb-zwva-rfc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31357?format=json","vulnerability_id":"VCID-epzp-dpmr-33df","summary":"Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32686","reference_id":"","reference_type":"","scores":[{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.83727","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.83702","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.83783","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.83763","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.83741","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02002","scoring_system":"epss","scoring_elements":"0.83734","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02081","scoring_system":"epss","scoring_elements":"0.83919","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02081","scoring_system":"epss","scoring_elements":"0.83934","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02696","scoring_system":"epss","scoring_elements":"0.85889","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02696","scoring_system":"epss","scoring_elements":"0.85894","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02769","scoring_system":"epss","scoring_elements":"0.86039","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02769","scoring_system":"epss","scoring_elements":"0.86025","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02769","scoring_system":"epss","scoring_elements":"0.86015","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02769","scoring_system":"epss","scoring_elements":"0.85995","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02769","scoring_system":"epss","scoring_elements":"0.86032","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02769","scoring_system":"epss","scoring_elements":"0.85996","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02769","scoring_system":"epss","scoring_elements":"0.86037","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991931","reference_id":"991931","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991931"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-32686"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-epzp-dpmr-33df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31361?format=json","vulnerability_id":"VCID-f5qc-tsbr-1yap","summary":"Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43804","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53266","published_at":"2026-04-01T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.5329","published_at":"2026-04-02T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53315","published_at":"2026-04-04T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53285","published_at":"2026-04-07T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53337","published_at":"2026-04-08T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53332","published_at":"2026-04-09T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53383","published_at":"2026-04-11T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53366","published_at":"2026-04-12T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.5335","published_at":"2026-04-13T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53387","published_at":"2026-04-16T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53393","published_at":"2026-04-18T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53374","published_at":"2026-04-21T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53345","published_at":"2026-04-24T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53358","published_at":"2026-04-26T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.5332","published_at":"2026-04-29T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53275","published_at":"2026-05-05T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53324","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-43804"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5qc-tsbr-1yap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42486?format=json","vulnerability_id":"VCID-fjzf-5rtw-rqfj","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26906","reference_id":"","reference_type":"","scores":[{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74179","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74184","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74212","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74217","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74232","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74253","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74235","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74227","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74265","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74275","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74267","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74302","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74311","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.7431","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74304","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74332","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26906"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983159","reference_id":"983159","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983159"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-26906"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fjzf-5rtw-rqfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94545?format=json","vulnerability_id":"VCID-gkcp-1zz6-tfb5","summary":"A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28327","reference_id":"","reference_type":"","scores":[{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.85963","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.85974","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.8599","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.85989","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.86008","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.86018","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.86032","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.8603","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.86026","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.86043","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.86048","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.86039","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.8606","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.86069","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.86088","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.8611","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28327"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28327","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28327"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974712","reference_id":"974712","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974712"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2020-28327"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkcp-1zz6-tfb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42488?format=json","vulnerability_id":"VCID-h193-vjhb-j3a3","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32558","reference_id":"","reference_type":"","scores":[{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86214","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86224","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86241","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86242","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86261","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86271","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86286","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86283","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86279","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86296","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.863","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86294","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86312","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86322","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86342","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86363","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991710","reference_id":"991710","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991710"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-32558"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h193-vjhb-j3a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31367?format=json","vulnerability_id":"VCID-hj93-7z1r-vkfk","summary":"Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24763","reference_id":"","reference_type":"","scores":[{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80395","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80416","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80405","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80434","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80444","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80463","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80448","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80441","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.8047","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80471","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80474","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.805","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80504","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80522","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80539","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80562","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976","reference_id":"1014976","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-24763"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hj93-7z1r-vkfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94575?format=json","vulnerability_id":"VCID-huqt-1fv6-67cz","summary":"An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35652","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30039","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30077","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30124","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29937","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29998","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30033","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29994","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29945","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.2996","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29939","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29892","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29817","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29705","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29643","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29502","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29564","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35652"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979372","reference_id":"979372","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979372"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2020-35652"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-huqt-1fv6-67cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31371?format=json","vulnerability_id":"VCID-n6mj-v1nc-hke9","summary":"Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24793","reference_id":"","reference_type":"","scores":[{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.665","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66539","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66523","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.6863","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68493","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68469","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68519","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68536","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68563","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.6855","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68518","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68558","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68571","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68609","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68588","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68474","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976","reference_id":"1014976","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a","reference_id":"9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4","reference_id":"GHSA-p6g5-v97c-w5q4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html","reference_id":"msg00047.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-24793"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n6mj-v1nc-hke9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94959?format=json","vulnerability_id":"VCID-nf5d-nejq-mkd9","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43303","reference_id":"","reference_type":"","scores":[{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61133","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61127","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61108","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61058","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.6111","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61117","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61105","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61116","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63734","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63795","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67122","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67153","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67167","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67148","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67136","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67086","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00527","scoring_system":"epss","scoring_elements":"0.67112","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-43303"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nf5d-nejq-mkd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31372?format=json","vulnerability_id":"VCID-ngds-k5mh-t3ae","summary":"Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31031","reference_id":"","reference_type":"","scores":[{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72597","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72476","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72489","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72511","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72494","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72484","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72526","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72535","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72524","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72567","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72575","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72573","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72444","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72462","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72438","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017004","reference_id":"1017004","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017004"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017005","reference_id":"1017005","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017005"},{"reference_url":"https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202","reference_id":"450baca94f475345542c6953832650c390889202","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202"},{"reference_url":"https://www.debian.org/security/2023/dsa-5358","reference_id":"dsa-5358","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://www.debian.org/security/2023/dsa-5358"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj","reference_id":"GHSA-26j7-ww69-c4qj","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-31031"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ngds-k5mh-t3ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95093?format=json","vulnerability_id":"VCID-psbg-wv2x-w7ba","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23547","reference_id":"","reference_type":"","scores":[{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60283","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60308","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60277","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60327","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60342","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60363","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60349","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.6033","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60371","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60379","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60369","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.6034","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61991","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61982","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61928","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61975","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092","reference_id":"1032092","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092"},{"reference_url":"https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36","reference_id":"bc4812d31a67d5e2f973fbfaf950d6118226cf36","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/"}],"url":"https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w","reference_id":"GHSA-9pfh-r8x4-w26w","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr","reference_id":"GHSA-cxwq-5g9x-x7fr","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-23547"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-psbg-wv2x-w7ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42481?format=json","vulnerability_id":"VCID-r8b9-jcqa-xyb2","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35776","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24665","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24741","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24781","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24553","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24625","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24671","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24686","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24645","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24589","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24602","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24592","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24569","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24513","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24499","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24458","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24332","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2441","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35776"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983158","reference_id":"983158","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983158"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2020-35776"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r8b9-jcqa-xyb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31370?format=json","vulnerability_id":"VCID-tqwd-ffwc-mkd1","summary":"Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24792","reference_id":"","reference_type":"","scores":[{"value":"0.01621","scoring_system":"epss","scoring_elements":"0.81947","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01621","scoring_system":"epss","scoring_elements":"0.81821","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01621","scoring_system":"epss","scoring_elements":"0.81828","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01621","scoring_system":"epss","scoring_elements":"0.81847","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01621","scoring_system":"epss","scoring_elements":"0.81835","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01621","scoring_system":"epss","scoring_elements":"0.81829","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01621","scoring_system":"epss","scoring_elements":"0.81866","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01621","scoring_system":"epss","scoring_elements":"0.81869","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01621","scoring_system":"epss","scoring_elements":"0.81892","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01621","scoring_system":"epss","scoring_elements":"0.81903","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01621","scoring_system":"epss","scoring_elements":"0.81908","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01621","scoring_system":"epss","scoring_elements":"0.81927","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01621","scoring_system":"epss","scoring_elements":"0.81774","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01621","scoring_system":"epss","scoring_elements":"0.81797","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01621","scoring_system":"epss","scoring_elements":"0.81795","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976","reference_id":"1014976","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976"},{"reference_url":"https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213","reference_id":"947bc1ee6d05be10204b918df75a503415fd3213","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799","reference_id":"GHSA-rwgw-vwxg-q799","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html","reference_id":"msg00047.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-24792"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tqwd-ffwc-mkd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94544?format=json","vulnerability_id":"VCID-tyh4-14zn-63ez","summary":"An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28242","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61018","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61095","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61124","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61089","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61138","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61153","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61174","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.6116","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61141","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61182","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61188","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61169","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61158","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61173","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61166","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61115","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61164","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28242"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28242","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28242"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974713","reference_id":"974713","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974713"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2020-28242"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tyh4-14zn-63ez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95038?format=json","vulnerability_id":"VCID-v7ev-jtsg-cqdg","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46837","reference_id":"","reference_type":"","scores":[{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32972","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33102","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33135","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32965","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33011","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33041","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33045","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33006","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32981","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33024","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33002","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32818","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32706","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32622","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32483","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32547","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018073","reference_id":"1018073","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018073"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-46837"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v7ev-jtsg-cqdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31373?format=json","vulnerability_id":"VCID-vwf4-v4ve-4yfh","summary":"Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39244","reference_id":"","reference_type":"","scores":[{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55433","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.5553","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55539","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55519","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55502","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55538","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55542","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.5552","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55444","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55464","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55438","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55389","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55475","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.555","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55478","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae","reference_id":"c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae"},{"reference_url":"https://www.debian.org/security/2023/dsa-5358","reference_id":"dsa-5358","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://www.debian.org/security/2023/dsa-5358"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj","reference_id":"GHSA-fq45-m3f7-3mhj","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-39244"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vwf4-v4ve-4yfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31369?format=json","vulnerability_id":"VCID-w9ce-m3x8-n3ak","summary":"Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24786","reference_id":"","reference_type":"","scores":[{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72929","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72948","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72925","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72962","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72975","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.7298","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.72973","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73014","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73024","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73017","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73056","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73067","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73064","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73057","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73085","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976","reference_id":"1014976","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-24786"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w9ce-m3x8-n3ak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93961?format=json","vulnerability_id":"VCID-x2gp-mft6-1yhy","summary":"An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13161","reference_id":"","reference_type":"","scores":[{"value":"0.02131","scoring_system":"epss","scoring_elements":"0.84239","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02131","scoring_system":"epss","scoring_elements":"0.84259","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02131","scoring_system":"epss","scoring_elements":"0.84284","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02171","scoring_system":"epss","scoring_elements":"0.84289","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02171","scoring_system":"epss","scoring_elements":"0.8431","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02171","scoring_system":"epss","scoring_elements":"0.84315","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02171","scoring_system":"epss","scoring_elements":"0.84334","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02171","scoring_system":"epss","scoring_elements":"0.84326","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02171","scoring_system":"epss","scoring_elements":"0.84257","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02171","scoring_system":"epss","scoring_elements":"0.84345","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02171","scoring_system":"epss","scoring_elements":"0.84348","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02171","scoring_system":"epss","scoring_elements":"0.84374","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02171","scoring_system":"epss","scoring_elements":"0.84383","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02171","scoring_system":"epss","scoring_elements":"0.84323","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02171","scoring_system":"epss","scoring_elements":"0.84269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02171","scoring_system":"epss","scoring_elements":"0.84287","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13161"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931981","reference_id":"931981","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931981"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2019-13161"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x2gp-mft6-1yhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93948?format=json","vulnerability_id":"VCID-xbe4-uvqu-6kf7","summary":"Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12827","reference_id":"","reference_type":"","scores":[{"value":"0.1959","scoring_system":"epss","scoring_elements":"0.95377","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1959","scoring_system":"epss","scoring_elements":"0.95386","published_at":"2026-04-02T12:55:00Z"},{"value":"0.1959","scoring_system":"epss","scoring_elements":"0.95392","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1959","scoring_system":"epss","scoring_elements":"0.95397","published_at":"2026-04-07T12:55:00Z"},{"value":"0.1959","scoring_system":"epss","scoring_elements":"0.95404","published_at":"2026-04-08T12:55:00Z"},{"value":"0.1959","scoring_system":"epss","scoring_elements":"0.95406","published_at":"2026-04-09T12:55:00Z"},{"value":"0.1959","scoring_system":"epss","scoring_elements":"0.95411","published_at":"2026-04-12T12:55:00Z"},{"value":"0.1959","scoring_system":"epss","scoring_elements":"0.95413","published_at":"2026-04-13T12:55:00Z"},{"value":"0.1959","scoring_system":"epss","scoring_elements":"0.95422","published_at":"2026-04-16T12:55:00Z"},{"value":"0.1959","scoring_system":"epss","scoring_elements":"0.95425","published_at":"2026-04-18T12:55:00Z"},{"value":"0.1959","scoring_system":"epss","scoring_elements":"0.95429","published_at":"2026-04-24T12:55:00Z"},{"value":"0.1959","scoring_system":"epss","scoring_elements":"0.95431","published_at":"2026-04-29T12:55:00Z"},{"value":"0.1959","scoring_system":"epss","scoring_elements":"0.95442","published_at":"2026-05-05T12:55:00Z"},{"value":"0.1959","scoring_system":"epss","scoring_elements":"0.95448","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12827"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931980","reference_id":"931980","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931980"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2019-12827"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xbe4-uvqu-6kf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31368?format=json","vulnerability_id":"VCID-y6sx-xqsh-wbcg","summary":"Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24764","reference_id":"","reference_type":"","scores":[{"value":"0.00942","scoring_system":"epss","scoring_elements":"0.76197","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00942","scoring_system":"epss","scoring_elements":"0.76229","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00942","scoring_system":"epss","scoring_elements":"0.76209","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00942","scoring_system":"epss","scoring_elements":"0.76241","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00942","scoring_system":"epss","scoring_elements":"0.76254","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00942","scoring_system":"epss","scoring_elements":"0.76281","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00942","scoring_system":"epss","scoring_elements":"0.76258","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00942","scoring_system":"epss","scoring_elements":"0.76295","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00942","scoring_system":"epss","scoring_elements":"0.76299","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00942","scoring_system":"epss","scoring_elements":"0.76283","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00942","scoring_system":"epss","scoring_elements":"0.7632","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00942","scoring_system":"epss","scoring_elements":"0.76327","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00942","scoring_system":"epss","scoring_elements":"0.76339","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00942","scoring_system":"epss","scoring_elements":"0.76348","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00942","scoring_system":"epss","scoring_elements":"0.76377","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976","reference_id":"1014976","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00","reference_id":"560a1346f87aabe126509bb24930106dea292b00","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m","reference_id":"GHSA-f5qg-pqcg-765m","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-24764"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y6sx-xqsh-wbcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94956?format=json","vulnerability_id":"VCID-yx1m-ayfg-ryc3","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43300","reference_id":"","reference_type":"","scores":[{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61133","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61127","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61108","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61058","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.6111","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61117","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61105","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61116","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65068","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65118","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68238","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68272","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68284","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68259","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68244","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68193","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68217","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-43300"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yx1m-ayfg-ryc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42491?format=json","vulnerability_id":"VCID-z3fq-m317-ckb8","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26651","reference_id":"","reference_type":"","scores":[{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62891","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62921","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62885","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62936","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62952","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.6297","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62958","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62977","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.6831","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68313","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68287","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68333","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.71709","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.71758","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.71727","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26651"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-26651"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z3fq-m317-ckb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42493?format=json","vulnerability_id":"VCID-zabf-adce-sqde","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42705","reference_id":"","reference_type":"","scores":[{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81628","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81553","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81575","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81584","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81589","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81606","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.8146","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81482","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81479","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81507","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81513","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81533","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.8152","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.8155","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01567","scoring_system":"epss","scoring_elements":"0.81551","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://downloads.asterisk.org/pub/security/AST-2022-008.html","reference_id":"AST-2022-008.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/"}],"url":"https://downloads.asterisk.org/pub/security/AST-2022-008.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5358","reference_id":"dsa-5358","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/"}],"url":"https://www.debian.org/security/2023/dsa-5358"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-42705"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zabf-adce-sqde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94958?format=json","vulnerability_id":"VCID-zxkf-88k3-3qcn","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43302","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53781","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53776","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53702","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53657","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53706","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.5374","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53728","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53762","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.5817","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58255","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61928","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61949","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.6196","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61939","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61922","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61873","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61902","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049738?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qxc-4xk5-2feu"},{"vulnerability":"VCID-2qjc-yspn-xydj"},{"vulnerability":"VCID-43ff-97jw-hkce"},{"vulnerability":"VCID-55vv-7jsj-xqeh"},{"vulnerability":"VCID-63fe-saga-13ct"},{"vulnerability":"VCID-8kjy-xtm2-bqan"},{"vulnerability":"VCID-9u4p-wdky-a3h1"},{"vulnerability":"VCID-bk8r-brkr-bqc6"},{"vulnerability":"VCID-bknu-abgc-bugw"},{"vulnerability":"VCID-gy3u-c6dc-sbbn"},{"vulnerability":"VCID-phb4-xaj7-byg2"},{"vulnerability":"VCID-pmte-bc34-pfcv"},{"vulnerability":"VCID-qcqe-63ev-f7gv"},{"vulnerability":"VCID-u91b-9huy-43hn"},{"vulnerability":"VCID-ytty-tbs1-ffc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-43302"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxkf-88k3-3qcn"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}