{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","type":"deb","namespace":"debian","name":"asterisk","version":"1:22.9.0+dfsg+~cs6.16.60671434-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64676?format=json","vulnerability_id":"VCID-1qxc-4xk5-2feu","summary":"Asterisk: Asterisk: Arbitrary code execution and file overwrite as root via insecure ast_coredumper file handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23740.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23740.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23740","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.025","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02503","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02504","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02512","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02514","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02517","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02516","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02538","published_at"
:"2026-04-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03814","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03751","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0379","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03803","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03531","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03544","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0367","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03676","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0368","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03726","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03702","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03738","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03746","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23740"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438","reference_id":"1127438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=243772
3","reference_id":"2437723","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437723"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c","reference_id":"GHSA-xpc6-x892-v83c","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-06T19:11:52Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2026-23740"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qxc-4xk5-2feu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96720?format=json","vulnerability_id":"VCID-2qjc-yspn-xydj","summary":"Asterisk is an open-source private branch exchange (PBX). 
Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47780","reference_id":"","reference_type":"","scores":[{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63979","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63834","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63846","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63845","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63816","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63859","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63908","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63876","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63903","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements
":"0.63955","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.63963","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68869","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68859","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.6877","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.6879","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68768","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.6882","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68839","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68862","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68847","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.68818","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47780"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530","reference_id":"1106530","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2","reference_id":"GHSA-c7p6-7mvq-8jq2","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/V
I:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:24:44Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2025-47780"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qjc-yspn-xydj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56274?format=json","vulnerability_id":"VCID-43ff-97jw-hkce","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code 
execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1131","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1384","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14083","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13834","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14137","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13943","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14025","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14078","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13986","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13936","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16092","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16061","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16075","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16034","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15928","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15923","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15888","publis
hed_at":"2026-04-29T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15766","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15876","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15978","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15954","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15987","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1131"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp","reference_id":"GHSA-v9q8-9j8m-5xwp","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/V:C/RE:H/U:Amber"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-24T03:55:15Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp"},{"reference_url":"https://security.gentoo.org/glsa/202601-04","reference_id":"GLSA-202601-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202601-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%
2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2025-1131"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-43ff-97jw-hkce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96800?format=json","vulnerability_id":"VCID-63fe-saga-13ct","summary":"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54995","reference_id":"","reference_type":"","scores":[{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76876","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76981","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76968","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76961","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76927","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76935","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.7693","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76889","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76894","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00991","scori
ng_system":"epss","scoring_elements":"0.76914","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76886","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76862","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76844","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77363","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78022","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78047","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78029","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78039","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77993","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01274","scoring_system":"epss","scoring_elements":"0.79723","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01274","scoring_system":"epss","scoring_elements":"0.79718","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01274","scoring_system":"epss","scoring_elements":"0.79728","published_at":"2026-05-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54995","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54995"},{"reference_url":"https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9","reference_id":"0278f5bde14565c6838a6ec39bc21aee0cde56a9","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Trac
k","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9"},{"reference_url":"https://github.com/asterisk/asterisk/pull/1405","reference_id":"1405","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/pull/1405"},{"reference_url":"https://github.com/asterisk/asterisk/pull/1406","reference_id":"1406","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/pull/1406"},{"reference_url":"https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d","reference_id":"eafcd7a451dcd007dddf324ac37dd55a4808338d","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2","reference_id":"GHSA-557q-795j-wfx2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j
-wfx2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2025-54995"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63fe-saga-13ct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64677?format=json","vulnerability_id":"VCID-8kjy-xtm2-bqan","summary":"Asterisk: Asterisk: Local file disclosure via unsafe XML 
parsing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23739.json","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23739.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23739","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14927","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14816","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15004","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14808","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14898","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14948","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14875","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14913","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17333","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17257","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17339","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17345","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17353","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17385","publish
ed_at":"2026-04-21T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17292","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17269","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17208","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17068","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17156","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17248","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17218","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23739"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438","reference_id":"1127438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437909","reference_id":"2437909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437909"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42","reference_id":"GHSA-85x7-54wr-vh42","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:36:34Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.i
o/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2026-23739"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8kjy-xtm2-bqan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96182?format=json","vulnerability_id":"VCID-9u4p-wdky-a3h1","summary":"Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. 
Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42365","reference_id":"","reference_type":"","scores":[{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96868","published_at":"2026-05-16T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96796","published_at":"2026-04-04T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96801","published_at":"2026-04-07T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96809","published_at":"2026-04-08T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.9681","published_at":"2026-04-09T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96812","published_at":"2026-04-13T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96819","published_at":"2026-04-16T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96822","published_at":"2026-04-18T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96825","published_at":"2026-04-24T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96827","published_at":"2026-04-26T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.9683","published_at":"2026-04-29T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96838","published_at":"2026-05-05T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96842","published_at":"2026-05-07T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96848","published_at":"2026-05-09T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96849","published_at":"2026-05-11T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96855","published
_at":"2026-05-12T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96865","published_at":"2026-05-14T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96795","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574","reference_id":"1078574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574"},{"reference_url":"https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4","reference_id":"42a2f4ccfa2c7062a15063e765916b3332e34cc4","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4"},{"reference_url":"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8","reference_id":"7a0090325bfa9d778a39ae5f7d0a98109e4651c8","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8"},{"reference_url":"https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71","reference_id":"b4063bf756272254b160b6d1bd6e9a3f8e16cc71","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elemen
ts":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71"},{"reference_url":"https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993","reference_id":"bbe68db10ab8a80c29db383e4dfe14f6eafaf993","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993"},{"reference_url":"https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2","reference_id":"faddd99f2b9408b524e5eb8a01589fe1fa282df2","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44","reference_id":"GHSA-c4cg-9275-6w44","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44"},{"reference_url":"https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426","reference_id":"manager.c#L6426","reference_type":"","scores":[{"value":"7.4","scoring_system":"
cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426"},{"reference_url":"https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426","reference_id":"manager.c#L6426","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2024-42365"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u4p-wdky-a3h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96268?format=json","vulnerability_id":"VCID-gy3u-c6dc-sbbn","summary":"An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path 
traversal.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53566","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15466","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15396","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15391","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15594","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15662","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15548","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15603","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15567","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1553","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20879","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20785","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20776","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20865","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20873","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20764","published_at":"2
026-04-24T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.2076","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20727","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20623","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20697","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566"},{"reference_url":"https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616","reference_id":"e7c0f44ffb38c00320aa1a6d98bee616","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/"}],"url":"https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616"},{"reference_url":"https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556","reference_id":"manager.c#L2556","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/"}],"url":"https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{
"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2024-53566"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gy3u-c6dc-sbbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97012?format=json","vulnerability_id":"VCID-phb4-xaj7-byg2","summary":"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debug_tools.conf file following bash semantics and it being loaded; an attacker with write permissions may add or modify the file such that when the root ast_coredumper is run; it would source and thereby execute arbitrary bash code found in the /etc/asterisk/ast_debug_tools.conf. 
This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23741","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10373","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1028","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10351","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10347","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10245","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10319","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10412","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12445","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12401","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12406","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12246","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12244","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1235","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12343","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1231","published_at":"2026-04-26T12:55:00Z"},{
"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12199","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12115","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12251","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12313","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12306","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12328","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23741"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438","reference_id":"1127438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3","reference_id":"GHSA-rvch-3jmx-3jf3","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:22:49Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/pa
ckages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2026-23741"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phb4-xaj7-byg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96183?format=json","vulnerability_id":"VCID-qcqe-63ev-f7gv","summary":"Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. 
NOTE: This may not be appropriate for all Asterisk configurations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42491","reference_id":"","reference_type":"","scores":[{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72564","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72535","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76609","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76604","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76572","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76584","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.7658","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76545","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76565","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76539","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76484","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76513","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76528","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76496","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76622","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0099","scoring_system":"epss","scoring_elements":"0.77078","published_at":"2026-05-16T12:55:00Z"},{"value":"0.0099","scor
ing_system":"epss","scoring_elements":"0.77004","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0099","scoring_system":"epss","scoring_elements":"0.76991","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0099","scoring_system":"epss","scoring_elements":"0.77008","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0099","scoring_system":"epss","scoring_elements":"0.77059","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0099","scoring_system":"epss","scoring_elements":"0.77073","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491"},{"reference_url":"https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4","reference_id":"42a2f4ccfa2c7062a15063e765916b3332e34cc4","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4"},{"reference_url":"https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742","reference_id":"4f01669c7c41c9184f3cce9a3cf1b2ebf6201742","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742"},{"reference_url":"https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2","reference_id":"50bf8d4d3064930d28ecf1ce3397b14574d514d2","reference_
type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2"},{"reference_url":"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8","reference_id":"7a0090325bfa9d778a39ae5f7d0a98109e4651c8","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8"},{"reference_url":"https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0","reference_id":"a15050650abf09c10a3c135fab148220cd41d3a0","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9","reference_id":"GHSA-v428-g3cw-7hv9","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2
B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2024-42491"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qcqe-63ev-f7gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96325?format=json","vulnerability_id":"VCID-r54j-ydjm-4uca","summary":"Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privileged user who has the ability to manage the 
configuration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-57520","reference_id":"","reference_type":"","scores":[{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.8777","published_at":"2026-05-16T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87715","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87729","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87761","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87769","published_at":"2026-05-15T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87588","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87601","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87624","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.8763","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87641","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87636","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87634","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87649","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87647","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87664","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87671","pu
blished_at":"2026-04-26T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87669","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87685","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87701","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87719","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-57520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57520"},{"reference_url":"https://github.com/asterisk/asterisk/issues/1122","reference_id":"1122","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T15:16:16Z/"}],"url":"https://github.com/asterisk/asterisk/issues/1122"},{"reference_url":"https://gist.github.com/hyp164D1/ae76ab25acfbe263b2ed7b24b6e5c621","reference_id":"ae76ab25acfbe263b2ed7b24b6e5c621","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T15:16:16Z/"}],"url":"https://gist.github.com/hyp164D1/ae76ab25acfbe263b2ed7b24b6e5c621"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerab
lecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2024-57520"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r54j-ydjm-4uca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96719?format=json","vulnerability_id":"VCID-u91b-9huy-43hn","summary":"Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages that are spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. 
Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47779","reference_id":"","reference_type":"","scores":[{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51386","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51296","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51371","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51382","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51279","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51304","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51264","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51319","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51316","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51338","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51324","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51367","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51374","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51354","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0
.51301","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51308","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51269","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51215","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51265","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51267","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528","reference_id":"1106528","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw","reference_id":"GHSA-2grh-7mhv-fcfw","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw"},{"reference_url":"https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample","reference_id":"pjsip.conf.sample","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/"}],"url":"https://github.com/asterisk/asterisk/blob/mast
er/configs/samples/pjsip.conf.sample"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2025-47779"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u91b-9huy-43hn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97011?format=json","vulnerability_id":"VCID-ytty-tbs1-ffc7","summary":"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user-supplied/controlled values for cookies and any GET query parameter are directly interpolated into the HTML of the page using ast_str_append. The potentially vulnerable endpoint is GET /httpstatus, relating to asterisk/main/http.c. 
This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23738","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13611","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13683","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13564","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13745","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13546","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13627","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13678","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13648","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16052","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16022","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16034","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15817","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15831","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15877","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15893","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15888","published_at":"2026-04-26T12:55:00Z"
},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15853","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15729","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1584","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1594","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15916","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15949","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23738"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438","reference_id":"1127438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh","reference_id":"GHSA-v6hp-wh3r-cwxh","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:43:40Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585943?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1"},{"url":"http://public2.vulnerablecode.io/api
/packages/1060958?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2026-23738"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ytty-tbs1-ffc7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}