| 0 |
| url |
VCID-111d-qj24-nyde |
| vulnerability_id |
VCID-111d-qj24-nyde |
| summary |
Multiple vulnerabilities in Asterisk might allow remote attackers
to execute arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-2415 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.10525 |
| scoring_system |
epss |
| scoring_elements |
0.93233 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.10525 |
| scoring_system |
epss |
| scoring_elements |
0.93242 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.10525 |
| scoring_system |
epss |
| scoring_elements |
0.93247 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.10525 |
| scoring_system |
epss |
| scoring_elements |
0.93245 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.10525 |
| scoring_system |
epss |
| scoring_elements |
0.93254 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.10525 |
| scoring_system |
epss |
| scoring_elements |
0.93258 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.10525 |
| scoring_system |
epss |
| scoring_elements |
0.93262 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.10525 |
| scoring_system |
epss |
| scoring_elements |
0.93259 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.10525 |
| scoring_system |
epss |
| scoring_elements |
0.93261 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-2415 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-2415
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-111d-qj24-nyde |
|
| 1 |
| url |
VCID-1bxe-fg62-qugd |
| vulnerability_id |
VCID-1bxe-fg62-qugd |
| summary |
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6609 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.73972 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.73921 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.73931 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.73956 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.73927 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.73961 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.73975 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.73999 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.73981 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6609 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-6609
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1bxe-fg62-qugd |
|
| 2 |
| url |
VCID-1cad-s6nn-j7aw |
| vulnerability_id |
VCID-1cad-s6nn-j7aw |
| summary |
embedded prototype.js JavaScript hijacking |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-2383 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49539 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49489 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49518 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49546 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49498 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49553 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49548 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49565 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49537 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-2383 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-2383
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1cad-s6nn-j7aw |
|
| 3 |
| url |
VCID-1g96-fryn-9qak |
| vulnerability_id |
VCID-1g96-fryn-9qak |
| summary |
The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-2488 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03192 |
| scoring_system |
epss |
| scoring_elements |
0.86985 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.03192 |
| scoring_system |
epss |
| scoring_elements |
0.86932 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.03192 |
| scoring_system |
epss |
| scoring_elements |
0.86943 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.03192 |
| scoring_system |
epss |
| scoring_elements |
0.86962 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.03192 |
| scoring_system |
epss |
| scoring_elements |
0.86955 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.03192 |
| scoring_system |
epss |
| scoring_elements |
0.86975 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.03192 |
| scoring_system |
epss |
| scoring_elements |
0.86982 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.03192 |
| scoring_system |
epss |
| scoring_elements |
0.86996 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.03192 |
| scoring_system |
epss |
| scoring_elements |
0.8699 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-2488 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-2488
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1g96-fryn-9qak |
|
| 4 |
| url |
VCID-1qxc-4xk5-2feu |
| vulnerability_id |
VCID-1qxc-4xk5-2feu |
| summary |
Asterisk: Asterisk: Arbitrary code execution and file overwrite as root via insecure ast_coredumper file handling |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-23740 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.025 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02503 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02538 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02516 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02504 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02512 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02514 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02517 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-23740 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-23740
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1qxc-4xk5-2feu |
|
| 5 |
| url |
VCID-1t3u-22gq-qucr |
| vulnerability_id |
VCID-1t3u-22gq-qucr |
| summary |
Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-35190 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00332 |
| scoring_system |
epss |
| scoring_elements |
0.5608 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00332 |
| scoring_system |
epss |
| scoring_elements |
0.56054 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00332 |
| scoring_system |
epss |
| scoring_elements |
0.56074 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00332 |
| scoring_system |
epss |
| scoring_elements |
0.56053 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00332 |
| scoring_system |
epss |
| scoring_elements |
0.56104 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00332 |
| scoring_system |
epss |
| scoring_elements |
0.56109 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00332 |
| scoring_system |
epss |
| scoring_elements |
0.5612 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00332 |
| scoring_system |
epss |
| scoring_elements |
0.56097 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-35190 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-35190
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1t3u-22gq-qucr |
|
| 6 |
| url |
VCID-1u6r-4dzb-wfh2 |
| vulnerability_id |
VCID-1u6r-4dzb-wfh2 |
| summary |
Multiple vulnerabilities in Asterisk might allow unauthenticated
remote attackers to execute arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1507 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.3508 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.34957 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35157 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35186 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35064 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35109 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35135 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35139 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35104 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1507 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
|
| 130 |
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
|
| 135 |
|
| 136 |
|
| 137 |
|
| 138 |
|
| 139 |
|
| 140 |
|
| 141 |
|
| 142 |
|
| 143 |
|
| 144 |
|
| 145 |
|
| 146 |
|
| 147 |
|
| 148 |
|
| 149 |
|
| 150 |
|
| 151 |
|
| 152 |
|
| 153 |
|
| 154 |
|
| 155 |
|
| 156 |
|
| 157 |
|
| 158 |
|
| 159 |
|
| 160 |
|
| 161 |
|
| 162 |
|
| 163 |
|
| 164 |
|
| 165 |
|
| 166 |
|
| 167 |
|
| 168 |
|
| 169 |
|
| 170 |
|
| 171 |
|
| 172 |
|
| 173 |
|
| 174 |
|
| 175 |
|
| 176 |
|
| 177 |
|
| 178 |
|
| 179 |
|
| 180 |
|
| 181 |
|
| 182 |
|
| 183 |
|
| 184 |
|
| 185 |
|
| 186 |
|
| 187 |
|
| 188 |
|
| 189 |
|
| 190 |
|
| 191 |
|
| 192 |
|
| 193 |
|
| 194 |
|
| 195 |
|
| 196 |
|
| 197 |
|
| 198 |
|
| 199 |
|
| 200 |
|
| 201 |
|
| 202 |
|
| 203 |
|
| 204 |
|
| 205 |
|
| 206 |
|
| 207 |
|
| 208 |
|
| 209 |
|
| 210 |
|
| 211 |
|
| 212 |
|
| 213 |
|
| 214 |
|
| 215 |
|
| 216 |
|
| 217 |
|
| 218 |
|
| 219 |
|
| 220 |
|
| 221 |
|
| 222 |
|
| 223 |
|
| 224 |
|
| 225 |
|
| 226 |
|
| 227 |
|
| 228 |
|
| 229 |
|
| 230 |
|
| 231 |
|
| 232 |
|
| 233 |
|
| 234 |
|
| 235 |
|
| 236 |
|
| 237 |
|
| 238 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-1507
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1u6r-4dzb-wfh2 |
|
| 7 |
| url |
VCID-1wuy-5w5r-bubj |
| vulnerability_id |
VCID-1wuy-5w5r-bubj |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which may allow execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1184 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.41698 |
| scoring_system |
epss |
| scoring_elements |
0.97419 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.41698 |
| scoring_system |
epss |
| scoring_elements |
0.97393 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.41698 |
| scoring_system |
epss |
| scoring_elements |
0.974 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.41698 |
| scoring_system |
epss |
| scoring_elements |
0.97404 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.41698 |
| scoring_system |
epss |
| scoring_elements |
0.97407 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.41698 |
| scoring_system |
epss |
| scoring_elements |
0.97413 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.41698 |
| scoring_system |
epss |
| scoring_elements |
0.97415 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.41698 |
| scoring_system |
epss |
| scoring_elements |
0.97416 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.41698 |
| scoring_system |
epss |
| scoring_elements |
0.97418 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1184 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1184
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1wuy-5w5r-bubj |
|
| 8 |
| url |
VCID-2qjc-yspn-xydj |
| vulnerability_id |
VCID-2qjc-yspn-xydj |
| summary |
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-47780 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00577 |
| scoring_system |
epss |
| scoring_elements |
0.68818 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00577 |
| scoring_system |
epss |
| scoring_elements |
0.68847 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00577 |
| scoring_system |
epss |
| scoring_elements |
0.6877 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00577 |
| scoring_system |
epss |
| scoring_elements |
0.6879 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00577 |
| scoring_system |
epss |
| scoring_elements |
0.68768 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00577 |
| scoring_system |
epss |
| scoring_elements |
0.6882 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00577 |
| scoring_system |
epss |
| scoring_elements |
0.68839 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00577 |
| scoring_system |
epss |
| scoring_elements |
0.68862 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-47780 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-47780
|
| risk_score |
2.1 |
| exploitability |
0.5 |
| weighted_severity |
4.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2qjc-yspn-xydj |
|
| 9 |
| url |
VCID-2r38-yjx6-uuae |
| vulnerability_id |
VCID-2r38-yjx6-uuae |
| summary |
security update |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2232 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07852 |
| scoring_system |
epss |
| scoring_elements |
0.92004 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.07852 |
| scoring_system |
epss |
| scoring_elements |
0.92 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.07852 |
| scoring_system |
epss |
| scoring_elements |
0.91963 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.07852 |
| scoring_system |
epss |
| scoring_elements |
0.91971 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.07852 |
| scoring_system |
epss |
| scoring_elements |
0.91979 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.07852 |
| scoring_system |
epss |
| scoring_elements |
0.91985 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.07852 |
| scoring_system |
epss |
| scoring_elements |
0.91997 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2232 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
|
| 130 |
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
|
| 135 |
|
| 136 |
|
| 137 |
|
| 138 |
|
| 139 |
|
| 140 |
|
| 141 |
|
| 142 |
|
| 143 |
|
| 144 |
|
| 145 |
|
| 146 |
|
| 147 |
|
| 148 |
|
| 149 |
|
| 150 |
|
| 151 |
|
| 152 |
|
| 153 |
|
| 154 |
|
| 155 |
|
| 156 |
|
| 157 |
|
| 158 |
|
| 159 |
|
| 160 |
|
| 161 |
|
| 162 |
|
| 163 |
|
| 164 |
|
| 165 |
|
| 166 |
|
| 167 |
|
| 168 |
|
| 169 |
|
| 170 |
|
| 171 |
|
| 172 |
|
| 173 |
|
| 174 |
|
| 175 |
|
| 176 |
|
| 177 |
|
| 178 |
|
| 179 |
|
| 180 |
|
| 181 |
|
| 182 |
|
| 183 |
|
| 184 |
|
| 185 |
|
| 186 |
|
| 187 |
|
| 188 |
|
| 189 |
|
| 190 |
|
| 191 |
|
| 192 |
|
| 193 |
|
| 194 |
|
| 195 |
|
| 196 |
|
| 197 |
|
| 198 |
|
| 199 |
|
| 200 |
|
| 201 |
|
| 202 |
|
| 203 |
|
| 204 |
|
| 205 |
|
| 206 |
|
| 207 |
|
| 208 |
|
| 209 |
|
| 210 |
|
| 211 |
|
| 212 |
|
| 213 |
|
| 214 |
|
| 215 |
|
| 216 |
|
| 217 |
|
| 218 |
|
| 219 |
|
| 220 |
|
| 221 |
|
| 222 |
|
| 223 |
|
| 224 |
|
| 225 |
|
| 226 |
|
| 227 |
|
| 228 |
|
| 229 |
|
| 230 |
|
| 231 |
|
| 232 |
|
| 233 |
|
| 234 |
|
| 235 |
|
| 236 |
|
| 237 |
|
| 238 |
|
| 239 |
|
| 240 |
|
| 241 |
|
| 242 |
|
| 243 |
|
| 244 |
|
| 245 |
|
| 246 |
|
| 247 |
|
| 248 |
|
| 249 |
|
| 250 |
|
| 251 |
|
| 252 |
|
| 253 |
|
| 254 |
|
| 255 |
|
| 256 |
|
| 257 |
|
| 258 |
|
| 259 |
|
| 260 |
|
| 261 |
|
| 262 |
|
| 263 |
|
| 264 |
|
| 265 |
|
| 266 |
|
| 267 |
|
| 268 |
|
| 269 |
|
| 270 |
|
| 271 |
|
| 272 |
|
| 273 |
|
| 274 |
|
| 275 |
|
| 276 |
|
| 277 |
|
| 278 |
|
| 279 |
|
| 280 |
|
| 281 |
|
| 282 |
|
| 283 |
|
| 284 |
|
| 285 |
|
| 286 |
|
| 287 |
|
| 288 |
|
| 289 |
|
| 290 |
|
| 291 |
|
| 292 |
|
| 293 |
|
| 294 |
|
| 295 |
|
| 296 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-2232
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2r38-yjx6-uuae |
|
| 10 |
| url |
VCID-2xc3-aqh8-cubn |
| vulnerability_id |
VCID-2xc3-aqh8-cubn |
| summary |
main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-15639 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.088 |
| scoring_system |
epss |
| scoring_elements |
0.92526 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.088 |
| scoring_system |
epss |
| scoring_elements |
0.92524 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.088 |
| scoring_system |
epss |
| scoring_elements |
0.92484 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.088 |
| scoring_system |
epss |
| scoring_elements |
0.9249 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.088 |
| scoring_system |
epss |
| scoring_elements |
0.92499 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.088 |
| scoring_system |
epss |
| scoring_elements |
0.92502 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.088 |
| scoring_system |
epss |
| scoring_elements |
0.92513 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.088 |
| scoring_system |
epss |
| scoring_elements |
0.92518 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-15639 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-15639
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2xc3-aqh8-cubn |
|
| 11 |
| url |
VCID-32hs-eqw2-1kf2 |
| vulnerability_id |
VCID-32hs-eqw2-1kf2 |
| summary |
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-18790 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07418 |
| scoring_system |
epss |
| scoring_elements |
0.91746 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.07418 |
| scoring_system |
epss |
| scoring_elements |
0.91751 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.07418 |
| scoring_system |
epss |
| scoring_elements |
0.91705 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.07418 |
| scoring_system |
epss |
| scoring_elements |
0.91713 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.07418 |
| scoring_system |
epss |
| scoring_elements |
0.91718 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.07418 |
| scoring_system |
epss |
| scoring_elements |
0.91726 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.07418 |
| scoring_system |
epss |
| scoring_elements |
0.91738 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.07418 |
| scoring_system |
epss |
| scoring_elements |
0.91745 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.07418 |
| scoring_system |
epss |
| scoring_elements |
0.91748 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-18790 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-18790
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-32hs-eqw2-1kf2 |
|
| 12 |
| url |
VCID-34fv-tv5a-tkgw |
| vulnerability_id |
VCID-34fv-tv5a-tkgw |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23537 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58944 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58904 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58956 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58962 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58981 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58963 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58915 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58938 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23537 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-23537
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-34fv-tv5a-tkgw |
|
| 13 |
| url |
VCID-3gwr-t9bx-47cj |
| vulnerability_id |
VCID-3gwr-t9bx-47cj |
| summary |
asterisk: HTTP Manager ID is predictable (AST-2008-005) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1390 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02654 |
| scoring_system |
epss |
| scoring_elements |
0.857 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02654 |
| scoring_system |
epss |
| scoring_elements |
0.85713 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02654 |
| scoring_system |
epss |
| scoring_elements |
0.85731 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02654 |
| scoring_system |
epss |
| scoring_elements |
0.85738 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02654 |
| scoring_system |
epss |
| scoring_elements |
0.85757 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02654 |
| scoring_system |
epss |
| scoring_elements |
0.85768 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02654 |
| scoring_system |
epss |
| scoring_elements |
0.85782 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02654 |
| scoring_system |
epss |
| scoring_elements |
0.85779 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02654 |
| scoring_system |
epss |
| scoring_elements |
0.85776 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1390 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-1390
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3gwr-t9bx-47cj |
|
| 14 |
| url |
VCID-3jx3-v6c9-3be2 |
| vulnerability_id |
VCID-3jx3-v6c9-3be2 |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which may allow execution of arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-5641 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04098 |
| scoring_system |
epss |
| scoring_elements |
0.88538 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.04098 |
| scoring_system |
epss |
| scoring_elements |
0.88547 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.04098 |
| scoring_system |
epss |
| scoring_elements |
0.88564 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.04098 |
| scoring_system |
epss |
| scoring_elements |
0.88567 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.04098 |
| scoring_system |
epss |
| scoring_elements |
0.88586 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.04098 |
| scoring_system |
epss |
| scoring_elements |
0.8859 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.04098 |
| scoring_system |
epss |
| scoring_elements |
0.88602 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.04098 |
| scoring_system |
epss |
| scoring_elements |
0.88594 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.04098 |
| scoring_system |
epss |
| scoring_elements |
0.88595 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-5641 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-5641
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3jx3-v6c9-3be2 |
|
| 15 |
| url |
VCID-3r26-8d9e-aqdm |
| vulnerability_id |
VCID-3r26-8d9e-aqdm |
| summary |
asterisk: remote crash in SIP channel driver (AST-2009-002) |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-0871 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02947 |
| scoring_system |
epss |
| scoring_elements |
0.86448 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.02947 |
| scoring_system |
epss |
| scoring_elements |
0.86382 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.02947 |
| scoring_system |
epss |
| scoring_elements |
0.86393 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.02947 |
| scoring_system |
epss |
| scoring_elements |
0.8641 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.02947 |
| scoring_system |
epss |
| scoring_elements |
0.86412 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.02947 |
| scoring_system |
epss |
| scoring_elements |
0.8643 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.02947 |
| scoring_system |
epss |
| scoring_elements |
0.8644 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.02947 |
| scoring_system |
epss |
| scoring_elements |
0.86454 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.02947 |
| scoring_system |
epss |
| scoring_elements |
0.86453 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-0871 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-0871
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3r26-8d9e-aqdm |
|
| 16 |
| url |
VCID-43ff-97jw-hkce |
| vulnerability_id |
VCID-43ff-97jw-hkce |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-1131 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13936 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13986 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.14083 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.14137 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13943 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.14025 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.14078 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.14023 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-1131 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-1131
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-43ff-97jw-hkce |
|
| 17 |
| url |
VCID-4658-u85z-zqhh |
| vulnerability_id |
VCID-4658-u85z-zqhh |
| summary |
The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-4045 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01754 |
| scoring_system |
epss |
| scoring_elements |
0.82573 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01754 |
| scoring_system |
epss |
| scoring_elements |
0.82507 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01754 |
| scoring_system |
epss |
| scoring_elements |
0.82522 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01754 |
| scoring_system |
epss |
| scoring_elements |
0.82537 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01754 |
| scoring_system |
epss |
| scoring_elements |
0.82533 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01754 |
| scoring_system |
epss |
| scoring_elements |
0.82559 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01754 |
| scoring_system |
epss |
| scoring_elements |
0.82567 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01754 |
| scoring_system |
epss |
| scoring_elements |
0.82586 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01754 |
| scoring_system |
epss |
| scoring_elements |
0.82579 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-4045 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-4045
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4658-u85z-zqhh |
|
| 18 |
| url |
VCID-48pt-6j6q-jbcn |
| vulnerability_id |
VCID-48pt-6j6q-jbcn |
| summary |
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23608 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00784 |
| scoring_system |
epss |
| scoring_elements |
0.73759 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00784 |
| scoring_system |
epss |
| scoring_elements |
0.73768 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00784 |
| scoring_system |
epss |
| scoring_elements |
0.73786 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00786 |
| scoring_system |
epss |
| scoring_elements |
0.73772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00786 |
| scoring_system |
epss |
| scoring_elements |
0.73796 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00786 |
| scoring_system |
epss |
| scoring_elements |
0.73766 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00786 |
| scoring_system |
epss |
| scoring_elements |
0.73801 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00786 |
| scoring_system |
epss |
| scoring_elements |
0.73814 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23608 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-23608
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-48pt-6j6q-jbcn |
|
| 19 |
| url |
VCID-5211-bpr9-nqaf |
| vulnerability_id |
VCID-5211-bpr9-nqaf |
| summary |
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-2293 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.49577 |
| scoring_system |
epss |
| scoring_elements |
0.97801 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.49577 |
| scoring_system |
epss |
| scoring_elements |
0.97778 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.49577 |
| scoring_system |
epss |
| scoring_elements |
0.97784 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.49577 |
| scoring_system |
epss |
| scoring_elements |
0.97785 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.49577 |
| scoring_system |
epss |
| scoring_elements |
0.97788 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.49577 |
| scoring_system |
epss |
| scoring_elements |
0.97792 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.49577 |
| scoring_system |
epss |
| scoring_elements |
0.97795 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.49577 |
| scoring_system |
epss |
| scoring_elements |
0.97797 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.49577 |
| scoring_system |
epss |
| scoring_elements |
0.97799 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-2293 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-2293
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5211-bpr9-nqaf |
|
| 20 |
| url |
VCID-542z-gtvr-ykck |
| vulnerability_id |
VCID-542z-gtvr-ykck |
| summary |
Multiple vulnerabilities in Asterisk might allow remote attackers
to execute arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-2416 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05048 |
| scoring_system |
epss |
| scoring_elements |
0.89729 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.05048 |
| scoring_system |
epss |
| scoring_elements |
0.89732 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.05048 |
| scoring_system |
epss |
| scoring_elements |
0.89746 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.05048 |
| scoring_system |
epss |
| scoring_elements |
0.89748 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.05048 |
| scoring_system |
epss |
| scoring_elements |
0.89765 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.05048 |
| scoring_system |
epss |
| scoring_elements |
0.89772 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.05048 |
| scoring_system |
epss |
| scoring_elements |
0.89778 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.05048 |
| scoring_system |
epss |
| scoring_elements |
0.89776 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.05048 |
| scoring_system |
epss |
| scoring_elements |
0.8977 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-2416 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-2416
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-542z-gtvr-ykck |
|
| 21 |
| url |
VCID-5499-3dkq-9fc2 |
| vulnerability_id |
VCID-5499-3dkq-9fc2 |
| summary |
Multiple vulnerabilities have been found in Asterisk. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-3764 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.45627 |
| scoring_system |
epss |
| scoring_elements |
0.97593 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.45627 |
| scoring_system |
epss |
| scoring_elements |
0.97599 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.45627 |
| scoring_system |
epss |
| scoring_elements |
0.97602 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.45627 |
| scoring_system |
epss |
| scoring_elements |
0.97603 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.45627 |
| scoring_system |
epss |
| scoring_elements |
0.97609 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.45627 |
| scoring_system |
epss |
| scoring_elements |
0.97611 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.45627 |
| scoring_system |
epss |
| scoring_elements |
0.97614 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.45627 |
| scoring_system |
epss |
| scoring_elements |
0.97616 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.45627 |
| scoring_system |
epss |
| scoring_elements |
0.97617 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-3764 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-3764
|
| risk_score |
0.8 |
| exploitability |
2.0 |
| weighted_severity |
0.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5499-3dkq-9fc2 |
|
| 22 |
| url |
VCID-55vv-7jsj-xqeh |
| vulnerability_id |
VCID-55vv-7jsj-xqeh |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-49294 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.17085 |
| scoring_system |
epss |
| scoring_elements |
0.94971 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.17085 |
| scoring_system |
epss |
| scoring_elements |
0.94973 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.17085 |
| scoring_system |
epss |
| scoring_elements |
0.94976 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.17085 |
| scoring_system |
epss |
| scoring_elements |
0.94985 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.17085 |
| scoring_system |
epss |
| scoring_elements |
0.94988 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.17085 |
| scoring_system |
epss |
| scoring_elements |
0.94993 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.17085 |
| scoring_system |
epss |
| scoring_elements |
0.94995 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.17085 |
| scoring_system |
epss |
| scoring_elements |
0.94997 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-49294 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-49294
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-55vv-7jsj-xqeh |
|
| 23 |
| url |
VCID-58np-gsxj-8yc4 |
| vulnerability_id |
VCID-58np-gsxj-8yc4 |
| summary |
The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-4455 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05038 |
| scoring_system |
epss |
| scoring_elements |
0.89712 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.05038 |
| scoring_system |
epss |
| scoring_elements |
0.89716 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.05038 |
| scoring_system |
epss |
| scoring_elements |
0.8973 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.05038 |
| scoring_system |
epss |
| scoring_elements |
0.89732 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.05038 |
| scoring_system |
epss |
| scoring_elements |
0.89749 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.05038 |
| scoring_system |
epss |
| scoring_elements |
0.89756 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.05232 |
| scoring_system |
epss |
| scoring_elements |
0.89972 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.05232 |
| scoring_system |
epss |
| scoring_elements |
0.8997 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.05232 |
| scoring_system |
epss |
| scoring_elements |
0.89963 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-4455 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-4455
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-58np-gsxj-8yc4 |
|
| 24 |
| url |
VCID-5yue-52xt-ryhw |
| vulnerability_id |
VCID-5yue-52xt-ryhw |
| summary |
An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-18610 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.41891 |
| scoring_system |
epss |
| scoring_elements |
0.97427 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.41891 |
| scoring_system |
epss |
| scoring_elements |
0.97425 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.41891 |
| scoring_system |
epss |
| scoring_elements |
0.97401 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.41891 |
| scoring_system |
epss |
| scoring_elements |
0.97408 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.41891 |
| scoring_system |
epss |
| scoring_elements |
0.97412 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.41891 |
| scoring_system |
epss |
| scoring_elements |
0.97415 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.41891 |
| scoring_system |
epss |
| scoring_elements |
0.97421 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.41891 |
| scoring_system |
epss |
| scoring_elements |
0.97423 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-18610 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-18610
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5yue-52xt-ryhw |
|
| 25 |
| url |
VCID-63fe-saga-13ct |
| vulnerability_id |
VCID-63fe-saga-13ct |
| summary |
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-54995 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76862 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76889 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76894 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76914 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76886 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76876 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00991 |
| scoring_system |
epss |
| scoring_elements |
0.76844 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77363 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-54995 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-54995
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-63fe-saga-13ct |
|
| 26 |
| url |
VCID-67av-c7qh-5kek |
| vulnerability_id |
VCID-67av-c7qh-5kek |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which may allow execution of arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3812 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91544 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91551 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91557 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91566 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91579 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91585 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91589 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91591 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91588 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3812 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3812
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-67av-c7qh-5kek |
|
| 27 |
| url |
VCID-6c2h-e3rr-eyfw |
| vulnerability_id |
VCID-6c2h-e3rr-eyfw |
| summary |
Asterisk is vulnerable to the remote execution of arbitrary code or a
Denial of Service. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2006-4345 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05153 |
| scoring_system |
epss |
| scoring_elements |
0.89843 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.05153 |
| scoring_system |
epss |
| scoring_elements |
0.89846 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.05153 |
| scoring_system |
epss |
| scoring_elements |
0.89859 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.05153 |
| scoring_system |
epss |
| scoring_elements |
0.89865 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.05153 |
| scoring_system |
epss |
| scoring_elements |
0.89881 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.05153 |
| scoring_system |
epss |
| scoring_elements |
0.89887 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.05153 |
| scoring_system |
epss |
| scoring_elements |
0.89894 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.05153 |
| scoring_system |
epss |
| scoring_elements |
0.89892 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.05153 |
| scoring_system |
epss |
| scoring_elements |
0.89885 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2006-4345 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2006-4345
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6c2h-e3rr-eyfw |
|
| 28 |
| url |
VCID-6jv8-3wch-wfew |
| vulnerability_id |
VCID-6jv8-3wch-wfew |
| summary |
security update |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2316 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01094 |
| scoring_system |
epss |
| scoring_elements |
0.77979 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01094 |
| scoring_system |
epss |
| scoring_elements |
0.77981 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.01094 |
| scoring_system |
epss |
| scoring_elements |
0.77922 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.01094 |
| scoring_system |
epss |
| scoring_elements |
0.77929 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.01094 |
| scoring_system |
epss |
| scoring_elements |
0.77957 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.01094 |
| scoring_system |
epss |
| scoring_elements |
0.77939 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.01094 |
| scoring_system |
epss |
| scoring_elements |
0.77966 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.01094 |
| scoring_system |
epss |
| scoring_elements |
0.7797 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.01094 |
| scoring_system |
epss |
| scoring_elements |
0.77997 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2316 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
|
| 130 |
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
|
| 135 |
|
| 136 |
|
| 137 |
|
| 138 |
|
| 139 |
|
| 140 |
|
| 141 |
|
| 142 |
|
| 143 |
|
| 144 |
|
| 145 |
|
| 146 |
|
| 147 |
|
| 148 |
|
| 149 |
|
| 150 |
|
| 151 |
|
| 152 |
|
| 153 |
|
| 154 |
|
| 155 |
|
| 156 |
|
| 157 |
|
| 158 |
|
| 159 |
|
| 160 |
|
| 161 |
|
| 162 |
|
| 163 |
|
| 164 |
|
| 165 |
|
| 166 |
|
| 167 |
|
| 168 |
|
| 169 |
|
| 170 |
|
| 171 |
|
| 172 |
|
| 173 |
|
| 174 |
|
| 175 |
|
| 176 |
|
| 177 |
|
| 178 |
|
| 179 |
|
| 180 |
|
| 181 |
|
| 182 |
|
| 183 |
|
| 184 |
|
| 185 |
|
| 186 |
|
| 187 |
|
| 188 |
|
| 189 |
|
| 190 |
|
| 191 |
|
| 192 |
|
| 193 |
|
| 194 |
|
| 195 |
|
| 196 |
|
| 197 |
|
| 198 |
|
| 199 |
|
| 200 |
|
| 201 |
|
| 202 |
|
| 203 |
|
| 204 |
|
| 205 |
|
| 206 |
|
| 207 |
|
| 208 |
|
| 209 |
|
| 210 |
|
| 211 |
|
| 212 |
|
| 213 |
|
| 214 |
|
| 215 |
|
| 216 |
|
| 217 |
|
| 218 |
|
| 219 |
|
| 220 |
|
| 221 |
|
| 222 |
|
| 223 |
|
| 224 |
|
| 225 |
|
| 226 |
|
| 227 |
|
| 228 |
|
| 229 |
|
| 230 |
|
| 231 |
|
| 232 |
|
| 233 |
|
| 234 |
|
| 235 |
|
| 236 |
|
| 237 |
|
| 238 |
|
| 239 |
|
| 240 |
|
| 241 |
|
| 242 |
|
| 243 |
|
| 244 |
|
| 245 |
|
| 246 |
|
| 247 |
|
| 248 |
|
| 249 |
|
| 250 |
|
| 251 |
|
| 252 |
|
| 253 |
|
| 254 |
|
| 255 |
|
| 256 |
|
| 257 |
|
| 258 |
|
| 259 |
|
| 260 |
|
| 261 |
|
| 262 |
|
| 263 |
|
| 264 |
|
| 265 |
|
| 266 |
|
| 267 |
|
| 268 |
|
| 269 |
|
| 270 |
|
| 271 |
|
| 272 |
|
| 273 |
|
| 274 |
|
| 275 |
|
| 276 |
|
| 277 |
|
| 278 |
|
| 279 |
|
| 280 |
|
| 281 |
|
| 282 |
|
| 283 |
|
| 284 |
|
| 285 |
|
| 286 |
|
| 287 |
|
| 288 |
|
| 289 |
|
| 290 |
|
| 291 |
|
| 292 |
|
| 293 |
|
| 294 |
|
| 295 |
|
| 296 |
|
| 297 |
|
| 298 |
|
| 299 |
|
| 300 |
|
| 301 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-2316
|
| risk_score |
3.2 |
| exploitability |
0.5 |
| weighted_severity |
6.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6jv8-3wch-wfew |
|
| 29 |
| url |
VCID-6rhm-xrwe-x7af |
| vulnerability_id |
VCID-6rhm-xrwe-x7af |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26717 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00421 |
| scoring_system |
epss |
| scoring_elements |
0.61896 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00421 |
| scoring_system |
epss |
| scoring_elements |
0.61969 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00421 |
| scoring_system |
epss |
| scoring_elements |
0.62001 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00421 |
| scoring_system |
epss |
| scoring_elements |
0.6197 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00421 |
| scoring_system |
epss |
| scoring_elements |
0.6202 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00421 |
| scoring_system |
epss |
| scoring_elements |
0.62036 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00421 |
| scoring_system |
epss |
| scoring_elements |
0.62057 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00421 |
| scoring_system |
epss |
| scoring_elements |
0.62046 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00421 |
| scoring_system |
epss |
| scoring_elements |
0.62025 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26717 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-26717
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6rhm-xrwe-x7af |
|
| 30 |
| url |
VCID-6xqn-t8j4-skgs |
| vulnerability_id |
VCID-6xqn-t8j4-skgs |
| summary |
Multiple vulnerabilities in Asterisk might allow unauthenticated
remote attackers to execute arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2535 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39508 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39657 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39679 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39597 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39652 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39666 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39675 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39639 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39623 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2535 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-2535
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6xqn-t8j4-skgs |
|
| 31 |
| url |
VCID-6yxw-veq3-eqgd |
| vulnerability_id |
VCID-6yxw-veq3-eqgd |
| summary |
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-0495 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00573 |
| scoring_system |
epss |
| scoring_elements |
0.68637 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00573 |
| scoring_system |
epss |
| scoring_elements |
0.68655 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00573 |
| scoring_system |
epss |
| scoring_elements |
0.68674 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00573 |
| scoring_system |
epss |
| scoring_elements |
0.68651 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00573 |
| scoring_system |
epss |
| scoring_elements |
0.68702 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00573 |
| scoring_system |
epss |
| scoring_elements |
0.6872 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00573 |
| scoring_system |
epss |
| scoring_elements |
0.68743 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00573 |
| scoring_system |
epss |
| scoring_elements |
0.68729 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00573 |
| scoring_system |
epss |
| scoring_elements |
0.687 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-0495 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-0495
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6yxw-veq3-eqgd |
|
| 32 |
| url |
VCID-77r2-q55r-wffw |
| vulnerability_id |
VCID-77r2-q55r-wffw |
| summary |
Multiple vulnerabilities have been found in Asterisk allowing for Denial of
Service and username disclosure. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-2119 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.10134 |
| scoring_system |
epss |
| scoring_elements |
0.931 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.10134 |
| scoring_system |
epss |
| scoring_elements |
0.93071 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.10134 |
| scoring_system |
epss |
| scoring_elements |
0.93081 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.10134 |
| scoring_system |
epss |
| scoring_elements |
0.93084 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.10134 |
| scoring_system |
epss |
| scoring_elements |
0.93083 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.10134 |
| scoring_system |
epss |
| scoring_elements |
0.93091 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.10134 |
| scoring_system |
epss |
| scoring_elements |
0.93096 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.10134 |
| scoring_system |
epss |
| scoring_elements |
0.93101 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.10134 |
| scoring_system |
epss |
| scoring_elements |
0.93098 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-2119 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-2119
|
| risk_score |
7.8 |
| exploitability |
2.0 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-77r2-q55r-wffw |
|
| 33 |
| url |
VCID-7kus-4n4f-myd1 |
| vulnerability_id |
VCID-7kus-4n4f-myd1 |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-26498 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00308 |
| scoring_system |
epss |
| scoring_elements |
0.53919 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00414 |
| scoring_system |
epss |
| scoring_elements |
0.61596 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00414 |
| scoring_system |
epss |
| scoring_elements |
0.61567 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00414 |
| scoring_system |
epss |
| scoring_elements |
0.61615 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00414 |
| scoring_system |
epss |
| scoring_elements |
0.61629 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00414 |
| scoring_system |
epss |
| scoring_elements |
0.6165 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00414 |
| scoring_system |
epss |
| scoring_elements |
0.61639 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00414 |
| scoring_system |
epss |
| scoring_elements |
0.61619 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-26498 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-26498
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7kus-4n4f-myd1 |
|
| 34 |
| url |
VCID-7m8s-6ydk-gbgr |
| vulnerability_id |
VCID-7m8s-6ydk-gbgr |
| summary |
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-37706 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48294 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48285 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48309 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48283 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48234 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.4829 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00253 |
| scoring_system |
epss |
| scoring_elements |
0.48607 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00253 |
| scoring_system |
epss |
| scoring_elements |
0.48566 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-37706 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-37706
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7m8s-6ydk-gbgr |
|
| 35 |
| url |
VCID-7ner-5xz7-93gz |
| vulnerability_id |
VCID-7ner-5xz7-93gz |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which could result in a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-12227 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0106 |
| scoring_system |
epss |
| scoring_elements |
0.77636 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0106 |
| scoring_system |
epss |
| scoring_elements |
0.77637 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.0106 |
| scoring_system |
epss |
| scoring_elements |
0.77577 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0106 |
| scoring_system |
epss |
| scoring_elements |
0.77584 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0106 |
| scoring_system |
epss |
| scoring_elements |
0.7761 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0106 |
| scoring_system |
epss |
| scoring_elements |
0.77592 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0106 |
| scoring_system |
epss |
| scoring_elements |
0.7762 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0106 |
| scoring_system |
epss |
| scoring_elements |
0.77627 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0106 |
| scoring_system |
epss |
| scoring_elements |
0.77653 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-12227 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-12227
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7ner-5xz7-93gz |
|
| 36 |
| url |
VCID-7pts-41xh-mbh4 |
| vulnerability_id |
VCID-7pts-41xh-mbh4 |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which may allow execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-4737 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01504 |
| scoring_system |
epss |
| scoring_elements |
0.81162 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01504 |
| scoring_system |
epss |
| scoring_elements |
0.81097 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01504 |
| scoring_system |
epss |
| scoring_elements |
0.81106 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01504 |
| scoring_system |
epss |
| scoring_elements |
0.81131 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01504 |
| scoring_system |
epss |
| scoring_elements |
0.8113 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01504 |
| scoring_system |
epss |
| scoring_elements |
0.81157 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01504 |
| scoring_system |
epss |
| scoring_elements |
0.81163 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01504 |
| scoring_system |
epss |
| scoring_elements |
0.81182 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01504 |
| scoring_system |
epss |
| scoring_elements |
0.81169 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-4737 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
|
| 130 |
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
|
| 135 |
|
| 136 |
|
| 137 |
|
| 138 |
|
| 139 |
|
| 140 |
|
| 141 |
|
| 142 |
|
| 143 |
|
| 144 |
|
| 145 |
|
| 146 |
|
| 147 |
|
| 148 |
|
| 149 |
|
| 150 |
|
| 151 |
|
| 152 |
|
| 153 |
|
| 154 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-4737
|
| risk_score |
2.7 |
| exploitability |
0.5 |
| weighted_severity |
5.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7pts-41xh-mbh4 |
|
| 37 |
| url |
VCID-7pxs-dc7h-tkbs |
| vulnerability_id |
VCID-7pxs-dc7h-tkbs |
| summary |
Multiple vulnerabilities in Asterisk might allow remote attackers to cause
a Denial of Service condition, or conduct other attacks. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-3727 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72419 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72424 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72442 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72458 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.7247 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72493 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72475 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.0072 |
| scoring_system |
epss |
| scoring_elements |
0.72466 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-3727 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-3727
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7pxs-dc7h-tkbs |
|
| 38 |
| url |
VCID-7tfx-9358-gygx |
| vulnerability_id |
VCID-7tfx-9358-gygx |
| summary |
Multiple vulnerabilities in Asterisk might allow unauthenticated
remote attackers to execute arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1147 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0342 |
| scoring_system |
epss |
| scoring_elements |
0.87396 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0342 |
| scoring_system |
epss |
| scoring_elements |
0.87406 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0342 |
| scoring_system |
epss |
| scoring_elements |
0.8742 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0342 |
| scoring_system |
epss |
| scoring_elements |
0.87419 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0342 |
| scoring_system |
epss |
| scoring_elements |
0.87437 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0342 |
| scoring_system |
epss |
| scoring_elements |
0.87444 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0342 |
| scoring_system |
epss |
| scoring_elements |
0.87456 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0342 |
| scoring_system |
epss |
| scoring_elements |
0.87451 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0342 |
| scoring_system |
epss |
| scoring_elements |
0.87448 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1147 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-1147
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7tfx-9358-gygx |
|
| 39 |
| url |
VCID-7tjs-ybpe-r7hg |
| vulnerability_id |
VCID-7tjs-ybpe-r7hg |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which could lead to Denial of Service, bypass intended ACL restrictions or
allow an authenticated user to gain escalated privileges. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-8417 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00897 |
| scoring_system |
epss |
| scoring_elements |
0.75632 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00897 |
| scoring_system |
epss |
| scoring_elements |
0.75575 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00897 |
| scoring_system |
epss |
| scoring_elements |
0.75577 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00897 |
| scoring_system |
epss |
| scoring_elements |
0.75607 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00897 |
| scoring_system |
epss |
| scoring_elements |
0.75588 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00897 |
| scoring_system |
epss |
| scoring_elements |
0.75622 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00897 |
| scoring_system |
epss |
| scoring_elements |
0.75633 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00897 |
| scoring_system |
epss |
| scoring_elements |
0.75657 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00897 |
| scoring_system |
epss |
| scoring_elements |
0.75639 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-8417 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8417
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7tjs-ybpe-r7hg |
|
| 40 |
| url |
VCID-81tr-5yzn-m7ap |
| vulnerability_id |
VCID-81tr-5yzn-m7ap |
| summary |
chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3553 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00069 |
| scoring_system |
epss |
| scoring_elements |
0.21098 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00069 |
| scoring_system |
epss |
| scoring_elements |
0.2125 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00069 |
| scoring_system |
epss |
| scoring_elements |
0.21303 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00069 |
| scoring_system |
epss |
| scoring_elements |
0.21056 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00069 |
| scoring_system |
epss |
| scoring_elements |
0.21136 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00069 |
| scoring_system |
epss |
| scoring_elements |
0.21197 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00069 |
| scoring_system |
epss |
| scoring_elements |
0.21208 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00069 |
| scoring_system |
epss |
| scoring_elements |
0.21165 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00069 |
| scoring_system |
epss |
| scoring_elements |
0.21114 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3553 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3553
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-81tr-5yzn-m7ap |
|
| 41 |
| url |
VCID-8kjy-xtm2-bqan |
| vulnerability_id |
VCID-8kjy-xtm2-bqan |
| summary |
Asterisk: Asterisk: Local file disclosure via unsafe XML parsing |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-23739 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00048 |
| scoring_system |
epss |
| scoring_elements |
0.14927 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00048 |
| scoring_system |
epss |
| scoring_elements |
0.14816 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00048 |
| scoring_system |
epss |
| scoring_elements |
0.14913 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00048 |
| scoring_system |
epss |
| scoring_elements |
0.14875 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00048 |
| scoring_system |
epss |
| scoring_elements |
0.15004 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00048 |
| scoring_system |
epss |
| scoring_elements |
0.14808 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00048 |
| scoring_system |
epss |
| scoring_elements |
0.14898 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00048 |
| scoring_system |
epss |
| scoring_elements |
0.14948 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-23739 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-23739
|
| risk_score |
0.9 |
| exploitability |
0.5 |
| weighted_severity |
1.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8kjy-xtm2-bqan |
|
| 42 |
| url |
VCID-8mfb-mmaz-mfab |
| vulnerability_id |
VCID-8mfb-mmaz-mfab |
| summary |
reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2216 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03498 |
| scoring_system |
epss |
| scoring_elements |
0.87601 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.03498 |
| scoring_system |
epss |
| scoring_elements |
0.87547 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.03498 |
| scoring_system |
epss |
| scoring_elements |
0.87556 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.03498 |
| scoring_system |
epss |
| scoring_elements |
0.87569 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.03498 |
| scoring_system |
epss |
| scoring_elements |
0.87572 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.03498 |
| scoring_system |
epss |
| scoring_elements |
0.87591 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.03498 |
| scoring_system |
epss |
| scoring_elements |
0.87597 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.03498 |
| scoring_system |
epss |
| scoring_elements |
0.87608 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.03498 |
| scoring_system |
epss |
| scoring_elements |
0.87604 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2216 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-2216
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8mfb-mmaz-mfab |
|
| 43 |
| url |
VCID-8pdp-epea-juhj |
| vulnerability_id |
VCID-8pdp-epea-juhj |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-26499 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00362 |
| scoring_system |
epss |
| scoring_elements |
0.58287 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00487 |
| scoring_system |
epss |
| scoring_elements |
0.65447 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00487 |
| scoring_system |
epss |
| scoring_elements |
0.6541 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00487 |
| scoring_system |
epss |
| scoring_elements |
0.65463 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00487 |
| scoring_system |
epss |
| scoring_elements |
0.65474 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00487 |
| scoring_system |
epss |
| scoring_elements |
0.65493 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00487 |
| scoring_system |
epss |
| scoring_elements |
0.65479 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00487 |
| scoring_system |
epss |
| scoring_elements |
0.65451 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-26499 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-26499
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8pdp-epea-juhj |
|
| 44 |
| url |
VCID-8qy8-gk53-eufc |
| vulnerability_id |
VCID-8qy8-gk53-eufc |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which could result in a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-16671 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03635 |
| scoring_system |
epss |
| scoring_elements |
0.87841 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.03635 |
| scoring_system |
epss |
| scoring_elements |
0.87842 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.03635 |
| scoring_system |
epss |
| scoring_elements |
0.87783 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.03635 |
| scoring_system |
epss |
| scoring_elements |
0.87794 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.03635 |
| scoring_system |
epss |
| scoring_elements |
0.87805 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.03635 |
| scoring_system |
epss |
| scoring_elements |
0.87808 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.03635 |
| scoring_system |
epss |
| scoring_elements |
0.8783 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.03635 |
| scoring_system |
epss |
| scoring_elements |
0.87836 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.03635 |
| scoring_system |
epss |
| scoring_elements |
0.87848 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-16671 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-16671
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8qy8-gk53-eufc |
|
| 45 |
| url |
VCID-8shw-ev6h-dqgh |
| vulnerability_id |
VCID-8shw-ev6h-dqgh |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which could lead to Denial of Service, bypass intended ACL restrictions or
allow an authenticated user to gain escalated privileges. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-8414 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01902 |
| scoring_system |
epss |
| scoring_elements |
0.83239 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01902 |
| scoring_system |
epss |
| scoring_elements |
0.83172 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01902 |
| scoring_system |
epss |
| scoring_elements |
0.83189 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01902 |
| scoring_system |
epss |
| scoring_elements |
0.83203 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01902 |
| scoring_system |
epss |
| scoring_elements |
0.83202 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01902 |
| scoring_system |
epss |
| scoring_elements |
0.83226 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01902 |
| scoring_system |
epss |
| scoring_elements |
0.83233 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01902 |
| scoring_system |
epss |
| scoring_elements |
0.83249 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01902 |
| scoring_system |
epss |
| scoring_elements |
0.83243 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-8414 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8414
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8shw-ev6h-dqgh |
|
| 46 |
| url |
VCID-8sys-3sj7-c3h6 |
| vulnerability_id |
VCID-8sys-3sj7-c3h6 |
| summary |
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-21722 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00462 |
| scoring_system |
epss |
| scoring_elements |
0.64147 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00462 |
| scoring_system |
epss |
| scoring_elements |
0.64175 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00462 |
| scoring_system |
epss |
| scoring_elements |
0.64135 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00462 |
| scoring_system |
epss |
| scoring_elements |
0.64185 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00462 |
| scoring_system |
epss |
| scoring_elements |
0.64201 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00462 |
| scoring_system |
epss |
| scoring_elements |
0.64215 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00462 |
| scoring_system |
epss |
| scoring_elements |
0.64204 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-21722 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-21722
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8sys-3sj7-c3h6 |
|
| 47 |
| url |
VCID-8yav-jpp1-rfbe |
| vulnerability_id |
VCID-8yav-jpp1-rfbe |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43299 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55471 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00326 |
| scoring_system |
epss |
| scoring_elements |
0.55583 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00379 |
| scoring_system |
epss |
| scoring_elements |
0.5938 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00379 |
| scoring_system |
epss |
| scoring_elements |
0.59346 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00379 |
| scoring_system |
epss |
| scoring_elements |
0.59397 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00379 |
| scoring_system |
epss |
| scoring_elements |
0.59412 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00379 |
| scoring_system |
epss |
| scoring_elements |
0.5943 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00379 |
| scoring_system |
epss |
| scoring_elements |
0.59414 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00379 |
| scoring_system |
epss |
| scoring_elements |
0.59396 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43299 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-43299
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8yav-jpp1-rfbe |
|
| 48 |
| url |
VCID-917e-7kp2-y3hw |
| vulnerability_id |
VCID-917e-7kp2-y3hw |
| summary |
res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-15297 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01814 |
| scoring_system |
epss |
| scoring_elements |
0.82843 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01814 |
| scoring_system |
epss |
| scoring_elements |
0.82847 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.01814 |
| scoring_system |
epss |
| scoring_elements |
0.82779 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.01814 |
| scoring_system |
epss |
| scoring_elements |
0.82795 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.01814 |
| scoring_system |
epss |
| scoring_elements |
0.82809 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.01814 |
| scoring_system |
epss |
| scoring_elements |
0.82804 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.01814 |
| scoring_system |
epss |
| scoring_elements |
0.8283 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.01814 |
| scoring_system |
epss |
| scoring_elements |
0.82836 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.01814 |
| scoring_system |
epss |
| scoring_elements |
0.82852 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-15297 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-15297
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-917e-7kp2-y3hw |
|
| 49 |
| url |
VCID-986n-21m7-fuc8 |
| vulnerability_id |
VCID-986n-21m7-fuc8 |
| summary |
main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-1224 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01 |
| scoring_system |
epss |
| scoring_elements |
0.76925 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01 |
| scoring_system |
epss |
| scoring_elements |
0.76931 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01 |
| scoring_system |
epss |
| scoring_elements |
0.76961 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01 |
| scoring_system |
epss |
| scoring_elements |
0.76943 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01 |
| scoring_system |
epss |
| scoring_elements |
0.76975 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01 |
| scoring_system |
epss |
| scoring_elements |
0.76986 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01 |
| scoring_system |
epss |
| scoring_elements |
0.77013 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01 |
| scoring_system |
epss |
| scoring_elements |
0.76992 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01 |
| scoring_system |
epss |
| scoring_elements |
0.76987 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-1224 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-1224
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-986n-21m7-fuc8 |
|
| 50 |
| url |
VCID-9at6-bgzv-gue3 |
| vulnerability_id |
VCID-9at6-bgzv-gue3 |
| summary |
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-39269 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44513 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44535 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44472 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44523 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44529 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44545 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44515 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44516 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-39269 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-39269
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9at6-bgzv-gue3 |
|
| 51 |
| url |
VCID-9f9j-z7y7-sffy |
| vulnerability_id |
VCID-9f9j-z7y7-sffy |
| summary |
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43845 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51925 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51973 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51999 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.51965 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.52019 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.52018 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.5207 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.52052 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00285 |
| scoring_system |
epss |
| scoring_elements |
0.52036 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43845 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-43845
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9f9j-z7y7-sffy |
|
| 52 |
| url |
VCID-9fz9-f74u-2yfe |
| vulnerability_id |
VCID-9fz9-f74u-2yfe |
| summary |
Asterisk is vulnerable to the remote execution of arbitrary code or a
Denial of Service. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2006-5445 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.10034 |
| scoring_system |
epss |
| scoring_elements |
0.93036 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.10034 |
| scoring_system |
epss |
| scoring_elements |
0.93045 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.10034 |
| scoring_system |
epss |
| scoring_elements |
0.93049 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.10034 |
| scoring_system |
epss |
| scoring_elements |
0.93057 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.10034 |
| scoring_system |
epss |
| scoring_elements |
0.93062 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.10034 |
| scoring_system |
epss |
| scoring_elements |
0.93067 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.10034 |
| scoring_system |
epss |
| scoring_elements |
0.93064 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.10034 |
| scoring_system |
epss |
| scoring_elements |
0.93066 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2006-5445 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2006-5445
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9fz9-f74u-2yfe |
|
| 53 |
| url |
VCID-9u4p-wdky-a3h1 |
| vulnerability_id |
VCID-9u4p-wdky-a3h1 |
| summary |
Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42365 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.3195 |
| scoring_system |
epss |
| scoring_elements |
0.96809 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.3195 |
| scoring_system |
epss |
| scoring_elements |
0.96812 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.3195 |
| scoring_system |
epss |
| scoring_elements |
0.9681 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.3195 |
| scoring_system |
epss |
| scoring_elements |
0.96795 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.3195 |
| scoring_system |
epss |
| scoring_elements |
0.96796 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.3195 |
| scoring_system |
epss |
| scoring_elements |
0.96801 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42365 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-42365
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9u4p-wdky-a3h1 |
|
| 54 |
| url |
VCID-9w61-sh1p-aqff |
| vulnerability_id |
VCID-9w61-sh1p-aqff |
| summary |
Multiple vulnerabilities have been found in Asterisk. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-3763 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.25182 |
| scoring_system |
epss |
| scoring_elements |
0.96147 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.25182 |
| scoring_system |
epss |
| scoring_elements |
0.96155 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.25182 |
| scoring_system |
epss |
| scoring_elements |
0.96162 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.25182 |
| scoring_system |
epss |
| scoring_elements |
0.96165 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.25182 |
| scoring_system |
epss |
| scoring_elements |
0.96175 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.25182 |
| scoring_system |
epss |
| scoring_elements |
0.96179 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.25182 |
| scoring_system |
epss |
| scoring_elements |
0.96183 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.25182 |
| scoring_system |
epss |
| scoring_elements |
0.96184 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-3763 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-3763
|
| risk_score |
0.4 |
| exploitability |
2.0 |
| weighted_severity |
0.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9w61-sh1p-aqff |
|
| 55 |
| url |
VCID-9xk8-m5c3-wud8 |
| vulnerability_id |
VCID-9xk8-m5c3-wud8 |
| summary |
Multiple vulnerabilities in Asterisk might allow unauthenticated
remote attackers to execute arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2666 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69107 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69123 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69144 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69125 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69175 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69194 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69216 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69201 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0059 |
| scoring_system |
epss |
| scoring_elements |
0.69173 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2666 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-2666
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9xk8-m5c3-wud8 |
|
| 56 |
| url |
VCID-a2n5-xpy5-gyfh |
| vulnerability_id |
VCID-a2n5-xpy5-gyfh |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which allows remote execution of arbitrary shell commands. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-14100 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.34964 |
| scoring_system |
epss |
| scoring_elements |
0.96995 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.34964 |
| scoring_system |
epss |
| scoring_elements |
0.97003 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.34964 |
| scoring_system |
epss |
| scoring_elements |
0.97007 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.34964 |
| scoring_system |
epss |
| scoring_elements |
0.97008 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.34964 |
| scoring_system |
epss |
| scoring_elements |
0.97018 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.34964 |
| scoring_system |
epss |
| scoring_elements |
0.97019 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.34964 |
| scoring_system |
epss |
| scoring_elements |
0.97021 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.34964 |
| scoring_system |
epss |
| scoring_elements |
0.97023 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-14100 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-14100
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a2n5-xpy5-gyfh |
|
| 57 |
| url |
VCID-a442-jcja-zych |
| vulnerability_id |
VCID-a442-jcja-zych |
| summary |
Multiple vulnerabilities have been found in Asterisk allowing for Denial of
Service and username disclosure. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3263 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.36096 |
| scoring_system |
epss |
| scoring_elements |
0.9708 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.36096 |
| scoring_system |
epss |
| scoring_elements |
0.97095 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.36096 |
| scoring_system |
epss |
| scoring_elements |
0.97075 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.36096 |
| scoring_system |
epss |
| scoring_elements |
0.97068 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.36096 |
| scoring_system |
epss |
| scoring_elements |
0.9709 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.36096 |
| scoring_system |
epss |
| scoring_elements |
0.97094 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3263 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-3263
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a442-jcja-zych |
|
| 58 |
| url |
VCID-a4na-u27r-sfc5 |
| vulnerability_id |
VCID-a4na-u27r-sfc5 |
| summary |
The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-4048 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01637 |
| scoring_system |
epss |
| scoring_elements |
0.81926 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01637 |
| scoring_system |
epss |
| scoring_elements |
0.8186 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01637 |
| scoring_system |
epss |
| scoring_elements |
0.81871 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01637 |
| scoring_system |
epss |
| scoring_elements |
0.81894 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01637 |
| scoring_system |
epss |
| scoring_elements |
0.8189 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01637 |
| scoring_system |
epss |
| scoring_elements |
0.81917 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01637 |
| scoring_system |
epss |
| scoring_elements |
0.81923 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01637 |
| scoring_system |
epss |
| scoring_elements |
0.81943 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01637 |
| scoring_system |
epss |
| scoring_elements |
0.81931 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-4048 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-4048
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a4na-u27r-sfc5 |
|
| 59 |
| url |
VCID-a5sa-32q2-s3he |
| vulnerability_id |
VCID-a5sa-32q2-s3he |
| summary |
asterisk: Format String Vulnerability in Logger and Manager (AST-2008-004) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1333 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02866 |
| scoring_system |
epss |
| scoring_elements |
0.86197 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02866 |
| scoring_system |
epss |
| scoring_elements |
0.86207 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02866 |
| scoring_system |
epss |
| scoring_elements |
0.8622 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02866 |
| scoring_system |
epss |
| scoring_elements |
0.86221 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02866 |
| scoring_system |
epss |
| scoring_elements |
0.8624 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02866 |
| scoring_system |
epss |
| scoring_elements |
0.86251 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02866 |
| scoring_system |
epss |
| scoring_elements |
0.86265 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02866 |
| scoring_system |
epss |
| scoring_elements |
0.86262 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02866 |
| scoring_system |
epss |
| scoring_elements |
0.86258 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1333 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-1333
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a5sa-32q2-s3he |
|
| 60 |
| url |
VCID-a8uf-chxy-9udv |
| vulnerability_id |
VCID-a8uf-chxy-9udv |
| summary |
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-4280 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02896 |
| scoring_system |
epss |
| scoring_elements |
0.8626 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02896 |
| scoring_system |
epss |
| scoring_elements |
0.8627 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02896 |
| scoring_system |
epss |
| scoring_elements |
0.86287 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02896 |
| scoring_system |
epss |
| scoring_elements |
0.86288 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02896 |
| scoring_system |
epss |
| scoring_elements |
0.86306 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02896 |
| scoring_system |
epss |
| scoring_elements |
0.86316 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02896 |
| scoring_system |
epss |
| scoring_elements |
0.8633 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02896 |
| scoring_system |
epss |
| scoring_elements |
0.86328 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02896 |
| scoring_system |
epss |
| scoring_elements |
0.86324 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-4280 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-4280
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a8uf-chxy-9udv |
|
| 61 |
| url |
VCID-adsx-448w-vbem |
| vulnerability_id |
VCID-adsx-448w-vbem |
| summary |
Multiple vulnerabilities have been found in Asterisk. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-4103 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02623 |
| scoring_system |
epss |
| scoring_elements |
0.85591 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02623 |
| scoring_system |
epss |
| scoring_elements |
0.85604 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02623 |
| scoring_system |
epss |
| scoring_elements |
0.85622 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02623 |
| scoring_system |
epss |
| scoring_elements |
0.85628 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02623 |
| scoring_system |
epss |
| scoring_elements |
0.85648 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02623 |
| scoring_system |
epss |
| scoring_elements |
0.85659 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02623 |
| scoring_system |
epss |
| scoring_elements |
0.85674 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02623 |
| scoring_system |
epss |
| scoring_elements |
0.8567 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02623 |
| scoring_system |
epss |
| scoring_elements |
0.85666 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-4103 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-4103
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-adsx-448w-vbem |
|
| 62 |
| url |
VCID-agez-w3xn-63bt |
| vulnerability_id |
VCID-agez-w3xn-63bt |
| summary |
Multiple buffer overflows in Asterisk might allow remote attackers
to cause a Denial of Service condition. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-2288 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07478 |
| scoring_system |
epss |
| scoring_elements |
0.91742 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.07478 |
| scoring_system |
epss |
| scoring_elements |
0.9175 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.07478 |
| scoring_system |
epss |
| scoring_elements |
0.91756 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.07478 |
| scoring_system |
epss |
| scoring_elements |
0.91764 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.07478 |
| scoring_system |
epss |
| scoring_elements |
0.91776 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.07478 |
| scoring_system |
epss |
| scoring_elements |
0.91783 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.07478 |
| scoring_system |
epss |
| scoring_elements |
0.91786 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.07478 |
| scoring_system |
epss |
| scoring_elements |
0.91788 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.07478 |
| scoring_system |
epss |
| scoring_elements |
0.91784 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-2288 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-2288
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-agez-w3xn-63bt |
|
| 63 |
| url |
VCID-an47-cxfn-77e8 |
| vulnerability_id |
VCID-an47-cxfn-77e8 |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which may allow execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2685 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.08932 |
| scoring_system |
epss |
| scoring_elements |
0.92587 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.08932 |
| scoring_system |
epss |
| scoring_elements |
0.92551 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.08932 |
| scoring_system |
epss |
| scoring_elements |
0.92557 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.08932 |
| scoring_system |
epss |
| scoring_elements |
0.92564 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.08932 |
| scoring_system |
epss |
| scoring_elements |
0.92566 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.08932 |
| scoring_system |
epss |
| scoring_elements |
0.92577 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.08932 |
| scoring_system |
epss |
| scoring_elements |
0.92582 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.08932 |
| scoring_system |
epss |
| scoring_elements |
0.92588 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2685 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-2685
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-an47-cxfn-77e8 |
|
| 64 |
| url |
VCID-ap3n-99gn-aucs |
| vulnerability_id |
VCID-ap3n-99gn-aucs |
| summary |
A vulnerability has been discovered in PJSIP, which could lead to arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-27585 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.6572 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.6575 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65716 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.6577 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.6578 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65801 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65787 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65757 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-27585 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-27585
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ap3n-99gn-aucs |
|
| 65 |
| url |
VCID-apn8-j2e8-uka5 |
| vulnerability_id |
VCID-apn8-j2e8-uka5 |
| summary |
The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-4598 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70313 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70326 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70342 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.7032 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70365 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.7038 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70404 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70389 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70375 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-4598 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-4598
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-apn8-j2e8-uka5 |
|
| 66 |
| url |
VCID-ay1n-kp3k-37db |
| vulnerability_id |
VCID-ay1n-kp3k-37db |
| summary |
Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-8415 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75809 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75753 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75755 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75787 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75766 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75799 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75811 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75834 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75815 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-8415 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8415
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ay1n-kp3k-37db |
|
| 67 |
| url |
VCID-b1vq-vecs-pfev |
| vulnerability_id |
VCID-b1vq-vecs-pfev |
| summary |
Multiple vulnerabilities have been found in Asterisk allowing for Denial of
Service and username disclosure. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3264 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07458 |
| scoring_system |
epss |
| scoring_elements |
0.91728 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.07458 |
| scoring_system |
epss |
| scoring_elements |
0.91736 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.07458 |
| scoring_system |
epss |
| scoring_elements |
0.91742 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.07458 |
| scoring_system |
epss |
| scoring_elements |
0.91749 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.07458 |
| scoring_system |
epss |
| scoring_elements |
0.91762 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.07458 |
| scoring_system |
epss |
| scoring_elements |
0.91769 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.07458 |
| scoring_system |
epss |
| scoring_elements |
0.91772 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.07458 |
| scoring_system |
epss |
| scoring_elements |
0.91774 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.07458 |
| scoring_system |
epss |
| scoring_elements |
0.9177 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3264 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-3264
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b1vq-vecs-pfev |
|
| 68 |
| url |
VCID-b4z5-5hbq-5ka8 |
| vulnerability_id |
VCID-b4z5-5hbq-5ka8 |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-42706 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0081 |
| scoring_system |
epss |
| scoring_elements |
0.74181 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.0081 |
| scoring_system |
epss |
| scoring_elements |
0.74208 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.0081 |
| scoring_system |
epss |
| scoring_elements |
0.74214 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.0081 |
| scoring_system |
epss |
| scoring_elements |
0.74228 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.0081 |
| scoring_system |
epss |
| scoring_elements |
0.7425 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.0081 |
| scoring_system |
epss |
| scoring_elements |
0.74231 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.0081 |
| scoring_system |
epss |
| scoring_elements |
0.74224 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-42706 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-42706
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b4z5-5hbq-5ka8 |
|
| 69 |
| url |
VCID-bbhx-pe8h-fubn |
| vulnerability_id |
VCID-bbhx-pe8h-fubn |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which could lead to Denial of Service, bypass intended ACL restrictions or
allow an authenticated user to gain escalated privileges. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-8418 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01284 |
| scoring_system |
epss |
| scoring_elements |
0.79607 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01284 |
| scoring_system |
epss |
| scoring_elements |
0.79558 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01284 |
| scoring_system |
epss |
| scoring_elements |
0.79565 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01284 |
| scoring_system |
epss |
| scoring_elements |
0.79587 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01284 |
| scoring_system |
epss |
| scoring_elements |
0.79574 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01284 |
| scoring_system |
epss |
| scoring_elements |
0.79603 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01284 |
| scoring_system |
epss |
| scoring_elements |
0.7961 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01284 |
| scoring_system |
epss |
| scoring_elements |
0.79631 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01284 |
| scoring_system |
epss |
| scoring_elements |
0.79615 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-8418 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8418
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bbhx-pe8h-fubn |
|
| 70 |
| url |
VCID-bk8r-brkr-bqc6 |
| vulnerability_id |
VCID-bk8r-brkr-bqc6 |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-49786 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26846 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26886 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26672 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.2674 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26791 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26794 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26749 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00097 |
| scoring_system |
epss |
| scoring_elements |
0.26693 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-49786 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-49786
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bk8r-brkr-bqc6 |
|
| 71 |
| url |
VCID-bknu-abgc-bugw |
| vulnerability_id |
VCID-bknu-abgc-bugw |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-37457 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22375 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.2242 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22208 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.2229 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22345 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22365 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22324 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22265 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-37457 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-37457
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bknu-abgc-bugw |
|
| 72 |
| url |
VCID-bv3b-3h5a-s7ez |
| vulnerability_id |
VCID-bv3b-3h5a-s7ez |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which may allow execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1183 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44516 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44443 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44512 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44534 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44472 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44523 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44528 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44544 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00219 |
| scoring_system |
epss |
| scoring_elements |
0.44515 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1183 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1183
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bv3b-3h5a-s7ez |
|
| 73 |
| url |
VCID-byqv-c5jp-6ybg |
| vulnerability_id |
VCID-byqv-c5jp-6ybg |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43301 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00482 |
| scoring_system |
epss |
| scoring_elements |
0.65068 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00482 |
| scoring_system |
epss |
| scoring_elements |
0.65118 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68217 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68193 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68244 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68259 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68284 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68272 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68238 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43301 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-43301
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-byqv-c5jp-6ybg |
|
| 74 |
| url |
VCID-c4n3-bd3z-qfbw |
| vulnerability_id |
VCID-c4n3-bd3z-qfbw |
| summary |
Multiple vulnerabilities have been found in Asterisk allowing for Denial of
Service and username disclosure. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-0041 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.74975 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.74978 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.75007 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.74983 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.75017 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.75029 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.7505 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0086 |
| scoring_system |
epss |
| scoring_elements |
0.75018 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-0041 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-0041
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c4n3-bd3z-qfbw |
|
| 75 |
| url |
VCID-c765-b3fs-nbdu |
| vulnerability_id |
VCID-c765-b3fs-nbdu |
| summary |
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-5358 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00689 |
| scoring_system |
epss |
| scoring_elements |
0.71761 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00689 |
| scoring_system |
epss |
| scoring_elements |
0.71771 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00689 |
| scoring_system |
epss |
| scoring_elements |
0.71796 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00689 |
| scoring_system |
epss |
| scoring_elements |
0.71779 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00689 |
| scoring_system |
epss |
| scoring_elements |
0.7176 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0081 |
| scoring_system |
epss |
| scoring_elements |
0.74177 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0081 |
| scoring_system |
epss |
| scoring_elements |
0.74205 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.0081 |
| scoring_system |
epss |
| scoring_elements |
0.74172 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-5358 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-5358
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c765-b3fs-nbdu |
|
| 76 |
| url |
VCID-cupt-538a-z3fp |
| vulnerability_id |
VCID-cupt-538a-z3fp |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-37325 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0068 |
| scoring_system |
epss |
| scoring_elements |
0.71579 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0068 |
| scoring_system |
epss |
| scoring_elements |
0.7154 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.0068 |
| scoring_system |
epss |
| scoring_elements |
0.7158 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.0068 |
| scoring_system |
epss |
| scoring_elements |
0.7159 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.0068 |
| scoring_system |
epss |
| scoring_elements |
0.71613 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.0068 |
| scoring_system |
epss |
| scoring_elements |
0.71598 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.0068 |
| scoring_system |
epss |
| scoring_elements |
0.71549 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.0068 |
| scoring_system |
epss |
| scoring_elements |
0.71567 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-37325 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-37325
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cupt-538a-z3fp |
|
| 77 |
| url |
VCID-cvp4-5uvw-xff2 |
| vulnerability_id |
VCID-cvp4-5uvw-xff2 |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which may allow execution of arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3863 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91544 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91551 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91557 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91566 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91579 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91585 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91589 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91591 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.07186 |
| scoring_system |
epss |
| scoring_elements |
0.91588 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3863 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3863
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cvp4-5uvw-xff2 |
|
| 78 |
| url |
VCID-czy4-hnuj-fbgx |
| vulnerability_id |
VCID-czy4-hnuj-fbgx |
| summary |
Multiple vulnerabilities in Asterisk might allow unauthenticated
remote attackers to execute arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1174 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52441 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52336 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52382 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52409 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52374 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52427 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52422 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52473 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52457 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1174 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-1174
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-czy4-hnuj-fbgx |
|
| 79 |
| url |
VCID-d791-zjab-jfh1 |
| vulnerability_id |
VCID-d791-zjab-jfh1 |
| summary |
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-0095 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.26555 |
| scoring_system |
epss |
| scoring_elements |
0.96291 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.26555 |
| scoring_system |
epss |
| scoring_elements |
0.96299 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.26555 |
| scoring_system |
epss |
| scoring_elements |
0.96307 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.26555 |
| scoring_system |
epss |
| scoring_elements |
0.96312 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.26555 |
| scoring_system |
epss |
| scoring_elements |
0.9632 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.26555 |
| scoring_system |
epss |
| scoring_elements |
0.96323 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.26555 |
| scoring_system |
epss |
| scoring_elements |
0.96327 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.26555 |
| scoring_system |
epss |
| scoring_elements |
0.9633 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-0095 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-0095
|
| risk_score |
0.4 |
| exploitability |
2.0 |
| weighted_severity |
0.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d791-zjab-jfh1 |
|
| 80 |
| url |
VCID-d8sn-7zbc-4bhy |
| vulnerability_id |
VCID-d8sn-7zbc-4bhy |
| summary |
Multiple vulnerabilities in Asterisk might allow remote attackers
to execute arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-2414 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04278 |
| scoring_system |
epss |
| scoring_elements |
0.8879 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.04278 |
| scoring_system |
epss |
| scoring_elements |
0.88798 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.04278 |
| scoring_system |
epss |
| scoring_elements |
0.88814 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.04278 |
| scoring_system |
epss |
| scoring_elements |
0.88817 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.04278 |
| scoring_system |
epss |
| scoring_elements |
0.88834 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.04278 |
| scoring_system |
epss |
| scoring_elements |
0.88839 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.04278 |
| scoring_system |
epss |
| scoring_elements |
0.88851 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.04278 |
| scoring_system |
epss |
| scoring_elements |
0.88846 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-2414 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-2414
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d8sn-7zbc-4bhy |
|
| 81 |
| url |
VCID-ddpb-zwva-rfc5 |
| vulnerability_id |
VCID-ddpb-zwva-rfc5 |
| summary |
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-21723 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00468 |
| scoring_system |
epss |
| scoring_elements |
0.64457 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00468 |
| scoring_system |
epss |
| scoring_elements |
0.64488 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00468 |
| scoring_system |
epss |
| scoring_elements |
0.64446 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00468 |
| scoring_system |
epss |
| scoring_elements |
0.64495 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00468 |
| scoring_system |
epss |
| scoring_elements |
0.64511 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00468 |
| scoring_system |
epss |
| scoring_elements |
0.64526 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00468 |
| scoring_system |
epss |
| scoring_elements |
0.64515 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00468 |
| scoring_system |
epss |
| scoring_elements |
0.64487 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-21723 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-21723
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ddpb-zwva-rfc5 |
|
| 82 |
| url |
VCID-dmv1-4jgk-e3cq |
| vulnerability_id |
VCID-dmv1-4jgk-e3cq |
| summary |
Multiple buffer overflows in Asterisk might allow remote attackers
to cause a Denial of Service condition. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-2287 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05216 |
| scoring_system |
epss |
| scoring_elements |
0.89899 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.05216 |
| scoring_system |
epss |
| scoring_elements |
0.89903 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.05216 |
| scoring_system |
epss |
| scoring_elements |
0.89915 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.05216 |
| scoring_system |
epss |
| scoring_elements |
0.89921 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.05216 |
| scoring_system |
epss |
| scoring_elements |
0.89938 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.05216 |
| scoring_system |
epss |
| scoring_elements |
0.89944 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.05216 |
| scoring_system |
epss |
| scoring_elements |
0.89952 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.05216 |
| scoring_system |
epss |
| scoring_elements |
0.8995 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.05216 |
| scoring_system |
epss |
| scoring_elements |
0.89943 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-2287 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-2287
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dmv1-4jgk-e3cq |
|
| 83 |
| url |
VCID-dpra-jbea-4fcy |
| vulnerability_id |
VCID-dpra-jbea-4fcy |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which allows remote execution of arbitrary shell commands. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-14603 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00747 |
| scoring_system |
epss |
| scoring_elements |
0.73073 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00747 |
| scoring_system |
epss |
| scoring_elements |
0.73079 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00747 |
| scoring_system |
epss |
| scoring_elements |
0.7302 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00747 |
| scoring_system |
epss |
| scoring_elements |
0.7303 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00747 |
| scoring_system |
epss |
| scoring_elements |
0.7305 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00747 |
| scoring_system |
epss |
| scoring_elements |
0.73025 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00747 |
| scoring_system |
epss |
| scoring_elements |
0.73062 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00747 |
| scoring_system |
epss |
| scoring_elements |
0.73075 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00747 |
| scoring_system |
epss |
| scoring_elements |
0.73099 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-14603 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
|
| 130 |
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
|
| 135 |
|
| 136 |
|
| 137 |
|
| 138 |
|
| 139 |
|
| 140 |
|
| 141 |
|
| 142 |
|
| 143 |
|
| 144 |
|
| 145 |
|
| 146 |
|
| 147 |
|
| 148 |
|
| 149 |
|
| 150 |
|
| 151 |
|
| 152 |
|
| 153 |
|
| 154 |
|
| 155 |
|
| 156 |
|
| 157 |
|
| 158 |
|
| 159 |
|
| 160 |
|
| 161 |
|
| 162 |
|
| 163 |
|
| 164 |
|
| 165 |
|
| 166 |
|
| 167 |
|
| 168 |
|
| 169 |
|
| 170 |
|
| 171 |
|
| 172 |
|
| 173 |
|
| 174 |
|
| 175 |
|
| 176 |
|
| 177 |
|
| 178 |
|
| 179 |
|
| 180 |
|
| 181 |
|
| 182 |
|
| 183 |
|
| 184 |
|
| 185 |
|
| 186 |
|
| 187 |
|
| 188 |
|
| 189 |
|
| 190 |
|
| 191 |
|
| 192 |
|
| 193 |
|
| 194 |
|
| 195 |
|
| 196 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-14603
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dpra-jbea-4fcy |
|
| 84 |
| url |
VCID-e1yx-dxa6-1bba |
| vulnerability_id |
VCID-e1yx-dxa6-1bba |
| summary |
Multiple vulnerabilities have been found in the Oracle JRE/JDK,
allowing attackers to cause unspecified impact. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3389 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03832 |
| scoring_system |
epss |
| scoring_elements |
0.8816 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.03832 |
| scoring_system |
epss |
| scoring_elements |
0.88159 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.03832 |
| scoring_system |
epss |
| scoring_elements |
0.88099 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.03832 |
| scoring_system |
epss |
| scoring_elements |
0.88108 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.03832 |
| scoring_system |
epss |
| scoring_elements |
0.88124 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.03832 |
| scoring_system |
epss |
| scoring_elements |
0.88131 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.03832 |
| scoring_system |
epss |
| scoring_elements |
0.8815 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.03832 |
| scoring_system |
epss |
| scoring_elements |
0.88156 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.03832 |
| scoring_system |
epss |
| scoring_elements |
0.88165 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3389 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-3389
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e1yx-dxa6-1bba |
|
| 85 |
| url |
VCID-e3vd-dhyn-1qfa |
| vulnerability_id |
VCID-e3vd-dhyn-1qfa |
| summary |
Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2006-1827 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03378 |
| scoring_system |
epss |
| scoring_elements |
0.87327 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.03378 |
| scoring_system |
epss |
| scoring_elements |
0.87337 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.03378 |
| scoring_system |
epss |
| scoring_elements |
0.87353 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.03378 |
| scoring_system |
epss |
| scoring_elements |
0.87372 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.03378 |
| scoring_system |
epss |
| scoring_elements |
0.87379 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.03378 |
| scoring_system |
epss |
| scoring_elements |
0.87391 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.03378 |
| scoring_system |
epss |
| scoring_elements |
0.87386 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.03378 |
| scoring_system |
epss |
| scoring_elements |
0.87382 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2006-1827 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2006-1827
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e3vd-dhyn-1qfa |
|
| 86 |
| url |
VCID-e7t9-pdx7-5kgm |
| vulnerability_id |
VCID-e7t9-pdx7-5kgm |
| summary |
Multiple vulnerabilities in Asterisk might allow unauthenticated
remote attackers to execute arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1175 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51854 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51747 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51797 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51822 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51783 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51838 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51836 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51888 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00284 |
| scoring_system |
epss |
| scoring_elements |
0.51869 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1175 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-1175
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e7t9-pdx7-5kgm |
|
| 87 |
| url |
VCID-ebcm-kjvz-73cz |
| vulnerability_id |
VCID-ebcm-kjvz-73cz |
| summary |
Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1558 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.17453 |
| scoring_system |
epss |
| scoring_elements |
0.95042 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.17453 |
| scoring_system |
epss |
| scoring_elements |
0.95053 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.17453 |
| scoring_system |
epss |
| scoring_elements |
0.95055 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.17453 |
| scoring_system |
epss |
| scoring_elements |
0.95063 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.17453 |
| scoring_system |
epss |
| scoring_elements |
0.95066 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.17453 |
| scoring_system |
epss |
| scoring_elements |
0.95071 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.17453 |
| scoring_system |
epss |
| scoring_elements |
0.95072 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.17453 |
| scoring_system |
epss |
| scoring_elements |
0.95075 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1558 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-1558
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ebcm-kjvz-73cz |
|
| 88 |
| url |
VCID-ed6c-6srd-67f6 |
| vulnerability_id |
VCID-ed6c-6srd-67f6 |
| summary |
Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2003-0761 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32576 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32711 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32746 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32568 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32615 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32641 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32643 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32605 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32578 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2003-0761 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2003-0761
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ed6c-6srd-67f6 |
|
| 89 |
| url |
VCID-edp8-yh2h-xuck |
| vulnerability_id |
VCID-edp8-yh2h-xuck |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which could lead to Denial of Service, bypass intended ACL restrictions or
allow an authenticated user to gain escalated privileges. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-9374 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.45774 |
| scoring_system |
epss |
| scoring_elements |
0.97622 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.45774 |
| scoring_system |
epss |
| scoring_elements |
0.97599 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.45774 |
| scoring_system |
epss |
| scoring_elements |
0.97605 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.45774 |
| scoring_system |
epss |
| scoring_elements |
0.97608 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.45774 |
| scoring_system |
epss |
| scoring_elements |
0.97609 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.45774 |
| scoring_system |
epss |
| scoring_elements |
0.97614 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.45774 |
| scoring_system |
epss |
| scoring_elements |
0.97616 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.45774 |
| scoring_system |
epss |
| scoring_elements |
0.97619 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.45774 |
| scoring_system |
epss |
| scoring_elements |
0.97621 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-9374 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-9374
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-edp8-yh2h-xuck |
|
| 90 |
| url |
VCID-ehd7-39bz-2ybk |
| vulnerability_id |
VCID-ehd7-39bz-2ybk |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which may allow execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-5976 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.29742 |
| scoring_system |
epss |
| scoring_elements |
0.96628 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.29742 |
| scoring_system |
epss |
| scoring_elements |
0.96596 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.29742 |
| scoring_system |
epss |
| scoring_elements |
0.96605 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.29742 |
| scoring_system |
epss |
| scoring_elements |
0.96609 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.29742 |
| scoring_system |
epss |
| scoring_elements |
0.96613 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.29742 |
| scoring_system |
epss |
| scoring_elements |
0.96621 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.29742 |
| scoring_system |
epss |
| scoring_elements |
0.96623 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.29742 |
| scoring_system |
epss |
| scoring_elements |
0.96625 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.29742 |
| scoring_system |
epss |
| scoring_elements |
0.96626 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-5976 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
|
| 130 |
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
|
| 135 |
|
| 136 |
|
| 137 |
|
| 138 |
|
| 139 |
|
| 140 |
|
| 141 |
|
| 142 |
|
| 143 |
|
| 144 |
|
| 145 |
|
| 146 |
|
| 147 |
|
| 148 |
|
| 149 |
|
| 150 |
|
| 151 |
|
| 152 |
|
| 153 |
|
| 154 |
|
| 155 |
|
| 156 |
|
| 157 |
|
| 158 |
|
| 159 |
|
| 160 |
|
| 161 |
|
| 162 |
|
| 163 |
|
| 164 |
|
| 165 |
|
| 166 |
|
| 167 |
|
| 168 |
|
| 169 |
|
| 170 |
|
| 171 |
|
| 172 |
|
| 173 |
|
| 174 |
|
| 175 |
|
| 176 |
|
| 177 |
|
| 178 |
|
| 179 |
|
| 180 |
|
| 181 |
|
| 182 |
|
| 183 |
|
| 184 |
|
| 185 |
|
| 186 |
|
| 187 |
|
| 188 |
|
| 189 |
|
| 190 |
|
| 191 |
|
| 192 |
|
| 193 |
|
| 194 |
|
| 195 |
|
| 196 |
|
| 197 |
|
| 198 |
|
| 199 |
|
| 200 |
|
| 201 |
|
| 202 |
|
| 203 |
|
| 204 |
|
| 205 |
|
| 206 |
|
| 207 |
|
| 208 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-5976
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ehd7-39bz-2ybk |
|
| 91 |
| url |
VCID-ehx4-qzgr-qbd9 |
| vulnerability_id |
VCID-ehx4-qzgr-qbd9 |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the
worst of which could allow privileged users to execute arbitrary system
shell commands. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-4047 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03038 |
| scoring_system |
epss |
| scoring_elements |
0.86671 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.03038 |
| scoring_system |
epss |
| scoring_elements |
0.86609 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.03038 |
| scoring_system |
epss |
| scoring_elements |
0.8662 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.03038 |
| scoring_system |
epss |
| scoring_elements |
0.8664 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.03038 |
| scoring_system |
epss |
| scoring_elements |
0.86639 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.03038 |
| scoring_system |
epss |
| scoring_elements |
0.86657 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.03038 |
| scoring_system |
epss |
| scoring_elements |
0.86667 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.03038 |
| scoring_system |
epss |
| scoring_elements |
0.8668 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.03038 |
| scoring_system |
epss |
| scoring_elements |
0.86678 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-4047 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
|
| 130 |
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
|
| 135 |
|
| 136 |
|
| 137 |
|
| 138 |
|
| 139 |
|
| 140 |
|
| 141 |
|
| 142 |
|
| 143 |
|
| 144 |
|
| 145 |
|
| 146 |
|
| 147 |
|
| 148 |
|
| 149 |
|
| 150 |
|
| 151 |
|
| 152 |
|
| 153 |
|
| 154 |
|
| 155 |
|
| 156 |
|
| 157 |
|
| 158 |
|
| 159 |
|
| 160 |
|
| 161 |
|
| 162 |
|
| 163 |
|
| 164 |
|
| 165 |
|
| 166 |
|
| 167 |
|
| 168 |
|
| 169 |
|
| 170 |
|
| 171 |
|
| 172 |
|
| 173 |
|
| 174 |
|
| 175 |
|
| 176 |
|
| 177 |
|
| 178 |
|
| 179 |
|
| 180 |
|
| 181 |
|
| 182 |
|
| 183 |
|
| 184 |
|
| 185 |
|
| 186 |
|
| 187 |
|
| 188 |
|
| 189 |
|
| 190 |
|
| 191 |
|
| 192 |
|
| 193 |
|
| 194 |
|
| 195 |
|
| 196 |
|
| 197 |
|
| 198 |
|
| 199 |
|
| 200 |
|
| 201 |
|
| 202 |
|
| 203 |
|
| 204 |
|
| 205 |
|
| 206 |
|
| 207 |
|
| 208 |
|
| 209 |
|
| 210 |
|
| 211 |
|
| 212 |
|
| 213 |
|
| 214 |
|
| 215 |
|
| 216 |
|
| 217 |
|
| 218 |
|
| 219 |
|
| 220 |
|
| 221 |
|
| 222 |
|
| 223 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-4047
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ehx4-qzgr-qbd9 |
|
| 92 |
| url |
VCID-ennr-ek9z-a7db |
| vulnerability_id |
VCID-ennr-ek9z-a7db |
| summary |
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0685 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23726 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23844 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23884 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23672 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23742 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23788 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23803 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23759 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0008 |
| scoring_system |
epss |
| scoring_elements |
0.23703 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0685 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-0685
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ennr-ek9z-a7db |
|
| 93 |
| url |
VCID-epzp-dpmr-33df |
| vulnerability_id |
VCID-epzp-dpmr-33df |
| summary |
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-32686 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02081 |
| scoring_system |
epss |
| scoring_elements |
0.83919 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02081 |
| scoring_system |
epss |
| scoring_elements |
0.83934 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02769 |
| scoring_system |
epss |
| scoring_elements |
0.85996 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02769 |
| scoring_system |
epss |
| scoring_elements |
0.85995 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02769 |
| scoring_system |
epss |
| scoring_elements |
0.86015 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02769 |
| scoring_system |
epss |
| scoring_elements |
0.86025 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02769 |
| scoring_system |
epss |
| scoring_elements |
0.86039 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02769 |
| scoring_system |
epss |
| scoring_elements |
0.86037 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02769 |
| scoring_system |
epss |
| scoring_elements |
0.86032 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-32686 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-32686
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-epzp-dpmr-33df |
|
| 94 |
| url |
VCID-eund-5mfa-9kbn |
| vulnerability_id |
VCID-eund-5mfa-9kbn |
| summary |
security update |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-17090 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.80582 |
| scoring_system |
epss |
| scoring_elements |
0.99136 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.80582 |
| scoring_system |
epss |
| scoring_elements |
0.99135 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.80582 |
| scoring_system |
epss |
| scoring_elements |
0.99126 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.80582 |
| scoring_system |
epss |
| scoring_elements |
0.99128 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.80582 |
| scoring_system |
epss |
| scoring_elements |
0.9913 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.80582 |
| scoring_system |
epss |
| scoring_elements |
0.99133 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-17090 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-17090
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eund-5mfa-9kbn |
|
| 95 |
| url |
VCID-f1y5-37zk-x3ey |
| vulnerability_id |
VCID-f1y5-37zk-x3ey |
| summary |
The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-8413 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55963 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55825 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55936 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55958 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55987 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.5599 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.5598 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-8413 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8413
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f1y5-37zk-x3ey |
|
| 96 |
| url |
VCID-f4br-7sgk-27cf |
| vulnerability_id |
VCID-f4br-7sgk-27cf |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which could lead to Denial of Service. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6610 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01519 |
| scoring_system |
epss |
| scoring_elements |
0.81244 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01519 |
| scoring_system |
epss |
| scoring_elements |
0.81181 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01519 |
| scoring_system |
epss |
| scoring_elements |
0.81189 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01519 |
| scoring_system |
epss |
| scoring_elements |
0.81212 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01519 |
| scoring_system |
epss |
| scoring_elements |
0.8124 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01519 |
| scoring_system |
epss |
| scoring_elements |
0.81245 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01519 |
| scoring_system |
epss |
| scoring_elements |
0.81266 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01519 |
| scoring_system |
epss |
| scoring_elements |
0.81252 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-6610 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-6610
|
| risk_score |
1.8 |
| exploitability |
0.5 |
| weighted_severity |
3.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f4br-7sgk-27cf |
|
| 97 |
| url |
VCID-f5qc-tsbr-1yap |
| vulnerability_id |
VCID-f5qc-tsbr-1yap |
| summary |
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43804 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53266 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.5329 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53315 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53285 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53337 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53332 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53383 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.53366 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.003 |
| scoring_system |
epss |
| scoring_elements |
0.5335 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43804 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-43804
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f5qc-tsbr-1yap |
|
| 98 |
| url |
VCID-fdpu-1891-q3a6 |
| vulnerability_id |
VCID-fdpu-1891-q3a6 |
| summary |
asterisk allows calls on prohibited networks |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-3723 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00653 |
| scoring_system |
epss |
| scoring_elements |
0.70898 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00653 |
| scoring_system |
epss |
| scoring_elements |
0.70914 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00653 |
| scoring_system |
epss |
| scoring_elements |
0.7084 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00653 |
| scoring_system |
epss |
| scoring_elements |
0.70854 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00653 |
| scoring_system |
epss |
| scoring_elements |
0.70873 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00653 |
| scoring_system |
epss |
| scoring_elements |
0.70847 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00653 |
| scoring_system |
epss |
| scoring_elements |
0.70891 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00653 |
| scoring_system |
epss |
| scoring_elements |
0.70906 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00653 |
| scoring_system |
epss |
| scoring_elements |
0.7093 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-3723 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-3723
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fdpu-1891-q3a6 |
|
| 99 |
| url |
VCID-fjzf-5rtw-rqfj |
| vulnerability_id |
VCID-fjzf-5rtw-rqfj |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26906 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00811 |
| scoring_system |
epss |
| scoring_elements |
0.74179 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00811 |
| scoring_system |
epss |
| scoring_elements |
0.74184 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00811 |
| scoring_system |
epss |
| scoring_elements |
0.74212 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00811 |
| scoring_system |
epss |
| scoring_elements |
0.74217 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00811 |
| scoring_system |
epss |
| scoring_elements |
0.74232 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00811 |
| scoring_system |
epss |
| scoring_elements |
0.74253 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00811 |
| scoring_system |
epss |
| scoring_elements |
0.74235 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00811 |
| scoring_system |
epss |
| scoring_elements |
0.74227 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26906 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-26906
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fjzf-5rtw-rqfj |
|
| 100 |
| url |
VCID-fndq-j9d2-afed |
| vulnerability_id |
VCID-fndq-j9d2-afed |
| summary |
A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-17664 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01276 |
| scoring_system |
epss |
| scoring_elements |
0.79547 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01276 |
| scoring_system |
epss |
| scoring_elements |
0.79556 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.01276 |
| scoring_system |
epss |
| scoring_elements |
0.79499 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.01276 |
| scoring_system |
epss |
| scoring_elements |
0.79506 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.01276 |
| scoring_system |
epss |
| scoring_elements |
0.79528 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.01276 |
| scoring_system |
epss |
| scoring_elements |
0.79515 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.01276 |
| scoring_system |
epss |
| scoring_elements |
0.79543 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.01276 |
| scoring_system |
epss |
| scoring_elements |
0.7955 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.01276 |
| scoring_system |
epss |
| scoring_elements |
0.79572 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-17664 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-17664
|
| risk_score |
2.6 |
| exploitability |
0.5 |
| weighted_severity |
5.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fndq-j9d2-afed |
|
| 101 |
| url |
VCID-fz7z-xttk-13by |
| vulnerability_id |
VCID-fz7z-xttk-13by |
| summary |
security update |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-7551 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0663 |
| scoring_system |
epss |
| scoring_elements |
0.91192 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0663 |
| scoring_system |
epss |
| scoring_elements |
0.91189 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.0663 |
| scoring_system |
epss |
| scoring_elements |
0.91141 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0663 |
| scoring_system |
epss |
| scoring_elements |
0.91146 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0663 |
| scoring_system |
epss |
| scoring_elements |
0.91155 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0663 |
| scoring_system |
epss |
| scoring_elements |
0.91162 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0663 |
| scoring_system |
epss |
| scoring_elements |
0.91176 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0663 |
| scoring_system |
epss |
| scoring_elements |
0.91182 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-7551 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-7551
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fz7z-xttk-13by |
|
| 102 |
| url |
VCID-fzs1-dj22-7fff |
| vulnerability_id |
VCID-fzs1-dj22-7fff |
| summary |
Multiple vulnerabilities in Asterisk might allow remote attackers to cause
a Denial of Service condition, or conduct other attacks. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-2726 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.3069 |
| scoring_system |
epss |
| scoring_elements |
0.96688 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.3069 |
| scoring_system |
epss |
| scoring_elements |
0.96699 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.3069 |
| scoring_system |
epss |
| scoring_elements |
0.96701 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.3069 |
| scoring_system |
epss |
| scoring_elements |
0.96705 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.3069 |
| scoring_system |
epss |
| scoring_elements |
0.96712 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.3069 |
| scoring_system |
epss |
| scoring_elements |
0.96714 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.3069 |
| scoring_system |
epss |
| scoring_elements |
0.96717 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.3069 |
| scoring_system |
epss |
| scoring_elements |
0.9672 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-2726 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-2726
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fzs1-dj22-7fff |
|
| 103 |
| url |
VCID-g6cn-x656-5fcw |
| vulnerability_id |
VCID-g6cn-x656-5fcw |
| summary |
Asterisk is vulnerable to the remote execution of arbitrary code or a
Denial of Service. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2006-4346 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02329 |
| scoring_system |
epss |
| scoring_elements |
0.84751 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02329 |
| scoring_system |
epss |
| scoring_elements |
0.84766 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02329 |
| scoring_system |
epss |
| scoring_elements |
0.84785 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02329 |
| scoring_system |
epss |
| scoring_elements |
0.84786 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02329 |
| scoring_system |
epss |
| scoring_elements |
0.84809 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02329 |
| scoring_system |
epss |
| scoring_elements |
0.84815 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02329 |
| scoring_system |
epss |
| scoring_elements |
0.84834 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02329 |
| scoring_system |
epss |
| scoring_elements |
0.8483 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02329 |
| scoring_system |
epss |
| scoring_elements |
0.84825 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2006-4346 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2006-4346
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g6cn-x656-5fcw |
|
| 104 |
| url |
VCID-ge7t-fqyp-vyhz |
| vulnerability_id |
VCID-ge7t-fqyp-vyhz |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26713 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43675 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43731 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43756 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43689 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.4374 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43743 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43763 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.4373 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43714 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26713 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-26713
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ge7t-fqyp-vyhz |
|
| 105 |
| url |
VCID-ggu9-8qd1-4ffx |
| vulnerability_id |
VCID-ggu9-8qd1-4ffx |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-7286 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.54632 |
| scoring_system |
epss |
| scoring_elements |
0.98016 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.54632 |
| scoring_system |
epss |
| scoring_elements |
0.98021 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.54632 |
| scoring_system |
epss |
| scoring_elements |
0.98023 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.54632 |
| scoring_system |
epss |
| scoring_elements |
0.98024 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.54632 |
| scoring_system |
epss |
| scoring_elements |
0.98028 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.54632 |
| scoring_system |
epss |
| scoring_elements |
0.98029 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.54632 |
| scoring_system |
epss |
| scoring_elements |
0.98034 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.54632 |
| scoring_system |
epss |
| scoring_elements |
0.98035 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-7286 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-7286
|
| risk_score |
1.0 |
| exploitability |
2.0 |
| weighted_severity |
0.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ggu9-8qd1-4ffx |
|
| 106 |
| url |
VCID-gkcp-1zz6-tfb5 |
| vulnerability_id |
VCID-gkcp-1zz6-tfb5 |
| summary |
A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-28327 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02764 |
| scoring_system |
epss |
| scoring_elements |
0.85963 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02764 |
| scoring_system |
epss |
| scoring_elements |
0.85974 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02764 |
| scoring_system |
epss |
| scoring_elements |
0.8599 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02764 |
| scoring_system |
epss |
| scoring_elements |
0.85989 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02764 |
| scoring_system |
epss |
| scoring_elements |
0.86008 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02764 |
| scoring_system |
epss |
| scoring_elements |
0.86018 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02764 |
| scoring_system |
epss |
| scoring_elements |
0.86032 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02764 |
| scoring_system |
epss |
| scoring_elements |
0.8603 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02764 |
| scoring_system |
epss |
| scoring_elements |
0.86026 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-28327 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-28327
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gkcp-1zz6-tfb5 |
|
| 107 |
| url |
VCID-grs7-fu68-2ff3 |
| vulnerability_id |
VCID-grs7-fu68-2ff3 |
| summary |
Asterisk contains a bug in the IAX2 channel driver making it vulnerable to
the remote execution of arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2006-2898 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00324 |
| scoring_system |
epss |
| scoring_elements |
0.55331 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00324 |
| scoring_system |
epss |
| scoring_elements |
0.55443 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00324 |
| scoring_system |
epss |
| scoring_elements |
0.55467 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00324 |
| scoring_system |
epss |
| scoring_elements |
0.55445 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00324 |
| scoring_system |
epss |
| scoring_elements |
0.55497 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00324 |
| scoring_system |
epss |
| scoring_elements |
0.55498 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00324 |
| scoring_system |
epss |
| scoring_elements |
0.55508 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00324 |
| scoring_system |
epss |
| scoring_elements |
0.55486 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00324 |
| scoring_system |
epss |
| scoring_elements |
0.55469 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2006-2898 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2006-2898
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-grs7-fu68-2ff3 |
|
| 108 |
| url |
VCID-gy3u-c6dc-sbbn |
| vulnerability_id |
VCID-gy3u-c6dc-sbbn |
| summary |
An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-53566 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15466 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15548 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15603 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15567 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.1553 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15594 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15662 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15461 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-53566 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-53566
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gy3u-c6dc-sbbn |
|
| 109 |
| url |
VCID-h193-vjhb-j3a3 |
| vulnerability_id |
VCID-h193-vjhb-j3a3 |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-32558 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02875 |
| scoring_system |
epss |
| scoring_elements |
0.86214 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02875 |
| scoring_system |
epss |
| scoring_elements |
0.86224 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02875 |
| scoring_system |
epss |
| scoring_elements |
0.86241 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02875 |
| scoring_system |
epss |
| scoring_elements |
0.86242 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02875 |
| scoring_system |
epss |
| scoring_elements |
0.86261 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02875 |
| scoring_system |
epss |
| scoring_elements |
0.86271 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02875 |
| scoring_system |
epss |
| scoring_elements |
0.86286 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02875 |
| scoring_system |
epss |
| scoring_elements |
0.86283 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02875 |
| scoring_system |
epss |
| scoring_elements |
0.86279 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-32558 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-32558
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h193-vjhb-j3a3 |
|
| 110 |
| url |
VCID-h52b-ubb6-byh1 |
| vulnerability_id |
VCID-h52b-ubb6-byh1 |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which may allow execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2686 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02448 |
| scoring_system |
epss |
| scoring_elements |
0.85194 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.02448 |
| scoring_system |
epss |
| scoring_elements |
0.85123 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.02448 |
| scoring_system |
epss |
| scoring_elements |
0.85135 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.02448 |
| scoring_system |
epss |
| scoring_elements |
0.85153 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.02448 |
| scoring_system |
epss |
| scoring_elements |
0.85155 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.02448 |
| scoring_system |
epss |
| scoring_elements |
0.85177 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.02448 |
| scoring_system |
epss |
| scoring_elements |
0.85185 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.02448 |
| scoring_system |
epss |
| scoring_elements |
0.852 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.02448 |
| scoring_system |
epss |
| scoring_elements |
0.85197 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2686 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
|
| 130 |
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
|
| 135 |
|
| 136 |
|
| 137 |
|
| 138 |
|
| 139 |
|
| 140 |
|
| 141 |
|
| 142 |
|
| 143 |
|
| 144 |
|
| 145 |
|
| 146 |
|
| 147 |
|
| 148 |
|
| 149 |
|
| 150 |
|
| 151 |
|
| 152 |
|
| 153 |
|
| 154 |
|
| 155 |
|
| 156 |
|
| 157 |
|
| 158 |
|
| 159 |
|
| 160 |
|
| 161 |
|
| 162 |
|
| 163 |
|
| 164 |
|
| 165 |
|
| 166 |
|
| 167 |
|
| 168 |
|
| 169 |
|
| 170 |
|
| 171 |
|
| 172 |
|
| 173 |
|
| 174 |
|
| 175 |
|
| 176 |
|
| 177 |
|
| 178 |
|
| 179 |
|
| 180 |
|
| 181 |
|
| 182 |
|
| 183 |
|
| 184 |
|
| 185 |
|
| 186 |
|
| 187 |
|
| 188 |
|
| 189 |
|
| 190 |
|
| 191 |
|
| 192 |
|
| 193 |
|
| 194 |
|
| 195 |
|
| 196 |
|
| 197 |
|
| 198 |
|
| 199 |
|
| 200 |
|
| 201 |
|
| 202 |
|
| 203 |
|
| 204 |
|
| 205 |
|
| 206 |
|
| 207 |
|
| 208 |
|
| 209 |
|
| 210 |
|
| 211 |
|
| 212 |
|
| 213 |
|
| 214 |
|
| 215 |
|
| 216 |
|
| 217 |
|
| 218 |
|
| 219 |
|
| 220 |
|
| 221 |
|
| 222 |
|
| 223 |
|
| 224 |
|
| 225 |
|
| 226 |
|
| 227 |
|
| 228 |
|
| 229 |
|
| 230 |
|
| 231 |
|
| 232 |
|
| 233 |
|
| 234 |
|
| 235 |
|
| 236 |
|
| 237 |
|
| 238 |
|
| 239 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-2686
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h52b-ubb6-byh1 |
|
| 111 |
| url |
VCID-h8nm-exgj-xybc |
| vulnerability_id |
VCID-h8nm-exgj-xybc |
| summary |
Multiple vulnerabilities in Asterisk might allow remote attackers to cause
a Denial of Service condition, or conduct other attacks. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-4055 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00524 |
| scoring_system |
epss |
| scoring_elements |
0.66855 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00524 |
| scoring_system |
epss |
| scoring_elements |
0.66892 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00524 |
| scoring_system |
epss |
| scoring_elements |
0.66919 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00524 |
| scoring_system |
epss |
| scoring_elements |
0.66941 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00524 |
| scoring_system |
epss |
| scoring_elements |
0.66954 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00524 |
| scoring_system |
epss |
| scoring_elements |
0.66974 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00524 |
| scoring_system |
epss |
| scoring_elements |
0.6696 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00524 |
| scoring_system |
epss |
| scoring_elements |
0.66929 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-4055 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-4055
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h8nm-exgj-xybc |
|
| 112 |
| url |
VCID-hj93-7z1r-vkfk |
| vulnerability_id |
VCID-hj93-7z1r-vkfk |
| summary |
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24763 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01403 |
| scoring_system |
epss |
| scoring_elements |
0.80395 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.01403 |
| scoring_system |
epss |
| scoring_elements |
0.80416 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.01403 |
| scoring_system |
epss |
| scoring_elements |
0.80405 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.01403 |
| scoring_system |
epss |
| scoring_elements |
0.80434 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.01403 |
| scoring_system |
epss |
| scoring_elements |
0.80444 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.01403 |
| scoring_system |
epss |
| scoring_elements |
0.80463 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.01403 |
| scoring_system |
epss |
| scoring_elements |
0.80448 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.01403 |
| scoring_system |
epss |
| scoring_elements |
0.80441 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24763 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24763
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hj93-7z1r-vkfk |
|
| 113 |
| url |
VCID-huqt-1fv6-67cz |
| vulnerability_id |
VCID-huqt-1fv6-67cz |
| summary |
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35652 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30039 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30077 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30124 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.29937 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.29998 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.30033 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.29994 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00114 |
| scoring_system |
epss |
| scoring_elements |
0.29945 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35652 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-35652
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-huqt-1fv6-67cz |
|
| 114 |
| url |
VCID-hvmt-7qk8-wqh1 |
| vulnerability_id |
VCID-hvmt-7qk8-wqh1 |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which may allow execution of arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-5642 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05078 |
| scoring_system |
epss |
| scoring_elements |
0.89758 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.05078 |
| scoring_system |
epss |
| scoring_elements |
0.89761 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.05078 |
| scoring_system |
epss |
| scoring_elements |
0.89776 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.05078 |
| scoring_system |
epss |
| scoring_elements |
0.89779 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.05078 |
| scoring_system |
epss |
| scoring_elements |
0.89796 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.05078 |
| scoring_system |
epss |
| scoring_elements |
0.89803 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.05078 |
| scoring_system |
epss |
| scoring_elements |
0.89809 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.05078 |
| scoring_system |
epss |
| scoring_elements |
0.89807 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.05078 |
| scoring_system |
epss |
| scoring_elements |
0.898 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-5642 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-5642
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hvmt-7qk8-wqh1 |
|
| 115 |
| url |
VCID-j3wr-j8e1-tbeq |
| vulnerability_id |
VCID-j3wr-j8e1-tbeq |
| summary |
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2005-3559 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05519 |
| scoring_system |
epss |
| scoring_elements |
0.90248 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.05519 |
| scoring_system |
epss |
| scoring_elements |
0.90204 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.05519 |
| scoring_system |
epss |
| scoring_elements |
0.90207 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.05519 |
| scoring_system |
epss |
| scoring_elements |
0.9022 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.05519 |
| scoring_system |
epss |
| scoring_elements |
0.90224 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.05519 |
| scoring_system |
epss |
| scoring_elements |
0.90239 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.05519 |
| scoring_system |
epss |
| scoring_elements |
0.90246 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.05519 |
| scoring_system |
epss |
| scoring_elements |
0.90254 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.05519 |
| scoring_system |
epss |
| scoring_elements |
0.90253 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2005-3559 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
|
| fixed_packages |
|
| aliases |
CVE-2005-3559
|
| risk_score |
9.0 |
| exploitability |
2.0 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j3wr-j8e1-tbeq |
|
| 116 |
| url |
VCID-jez3-sw2r-r3d6 |
| vulnerability_id |
VCID-jez3-sw2r-r3d6 |
| summary |
An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9937 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56846 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56941 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56963 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56939 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.5699 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56993 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.57 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.5698 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56956 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9937 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9937
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jez3-sw2r-r3d6 |
|
| 117 |
| url |
VCID-jwaj-b8n5-bbcx |
| vulnerability_id |
VCID-jwaj-b8n5-bbcx |
| summary |
asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-7550 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31273 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31413 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31454 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31326 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31356 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31361 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31317 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31278 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-7550 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-7550
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jwaj-b8n5-bbcx |
|
| 118 |
| url |
VCID-k1zu-wpsb-wyh3 |
| vulnerability_id |
VCID-k1zu-wpsb-wyh3 |
| summary |
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9358 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01188 |
| scoring_system |
epss |
| scoring_elements |
0.78764 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01188 |
| scoring_system |
epss |
| scoring_elements |
0.78771 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01188 |
| scoring_system |
epss |
| scoring_elements |
0.78802 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01188 |
| scoring_system |
epss |
| scoring_elements |
0.78784 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01188 |
| scoring_system |
epss |
| scoring_elements |
0.7881 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01188 |
| scoring_system |
epss |
| scoring_elements |
0.78817 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01188 |
| scoring_system |
epss |
| scoring_elements |
0.78841 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01188 |
| scoring_system |
epss |
| scoring_elements |
0.78824 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01188 |
| scoring_system |
epss |
| scoring_elements |
0.78815 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-9358 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-9358
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k1zu-wpsb-wyh3 |
|
| 119 |
| url |
VCID-kby8-5rnd-fffs |
| vulnerability_id |
VCID-kby8-5rnd-fffs |
| summary |
Asterisk is vulnerable to Denial of Service in the SIP channel. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-1306 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.197 |
| scoring_system |
epss |
| scoring_elements |
0.9543 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.197 |
| scoring_system |
epss |
| scoring_elements |
0.95396 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.197 |
| scoring_system |
epss |
| scoring_elements |
0.95405 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.197 |
| scoring_system |
epss |
| scoring_elements |
0.95412 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.197 |
| scoring_system |
epss |
| scoring_elements |
0.95415 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.197 |
| scoring_system |
epss |
| scoring_elements |
0.95422 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.197 |
| scoring_system |
epss |
| scoring_elements |
0.95424 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.197 |
| scoring_system |
epss |
| scoring_elements |
0.95428 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-1306 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-1306
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kby8-5rnd-fffs |
|
| 120 |
| url |
VCID-kdex-mwf6-13br |
| vulnerability_id |
VCID-kdex-mwf6-13br |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which may allow execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-2186 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00465 |
| scoring_system |
epss |
| scoring_elements |
0.64361 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00465 |
| scoring_system |
epss |
| scoring_elements |
0.64282 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00465 |
| scoring_system |
epss |
| scoring_elements |
0.6434 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00465 |
| scoring_system |
epss |
| scoring_elements |
0.64369 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00465 |
| scoring_system |
epss |
| scoring_elements |
0.64328 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00465 |
| scoring_system |
epss |
| scoring_elements |
0.64376 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00465 |
| scoring_system |
epss |
| scoring_elements |
0.64391 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00465 |
| scoring_system |
epss |
| scoring_elements |
0.64403 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00465 |
| scoring_system |
epss |
| scoring_elements |
0.6439 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-2186 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-2186
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kdex-mwf6-13br |
|
| 121 |
| url |
VCID-m27d-dqzg-w7gr |
| vulnerability_id |
VCID-m27d-dqzg-w7gr |
| summary |
Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7617 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.22039 |
| scoring_system |
epss |
| scoring_elements |
0.95782 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.22039 |
| scoring_system |
epss |
| scoring_elements |
0.9578 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.22039 |
| scoring_system |
epss |
| scoring_elements |
0.95745 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.22039 |
| scoring_system |
epss |
| scoring_elements |
0.95754 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.22039 |
| scoring_system |
epss |
| scoring_elements |
0.95762 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.22039 |
| scoring_system |
epss |
| scoring_elements |
0.95765 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.22039 |
| scoring_system |
epss |
| scoring_elements |
0.95774 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.22039 |
| scoring_system |
epss |
| scoring_elements |
0.95777 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.22039 |
| scoring_system |
epss |
| scoring_elements |
0.95781 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7617 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-7617
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m27d-dqzg-w7gr |
|
| 122 |
| url |
VCID-m3gv-mmcp-t7fz |
| vulnerability_id |
VCID-m3gv-mmcp-t7fz |
| summary |
Asterisk: Remote DoS via specially-crafted FaxMaxDatagram SDP packets (AST-2010-001) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0441 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03526 |
| scoring_system |
epss |
| scoring_elements |
0.87598 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.03526 |
| scoring_system |
epss |
| scoring_elements |
0.87608 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.03526 |
| scoring_system |
epss |
| scoring_elements |
0.87621 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.03526 |
| scoring_system |
epss |
| scoring_elements |
0.87624 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.03526 |
| scoring_system |
epss |
| scoring_elements |
0.87643 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.03526 |
| scoring_system |
epss |
| scoring_elements |
0.87649 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.03526 |
| scoring_system |
epss |
| scoring_elements |
0.87661 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.03526 |
| scoring_system |
epss |
| scoring_elements |
0.87656 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.03526 |
| scoring_system |
epss |
| scoring_elements |
0.87653 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0441 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-0441
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m3gv-mmcp-t7fz |
|
| 123 |
| url |
VCID-m9wv-atrb-c3ac |
| vulnerability_id |
VCID-m9wv-atrb-c3ac |
| summary |
The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-3765 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.7497 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.74973 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75002 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.74978 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75012 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75024 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75045 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75014 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-3765 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-3765
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m9wv-atrb-c3ac |
|
| 124 |
| url |
VCID-mcd2-e66p-j3b7 |
| vulnerability_id |
VCID-mcd2-e66p-j3b7 |
| summary |
The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-2297 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02101 |
| scoring_system |
epss |
| scoring_elements |
0.84061 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.02101 |
| scoring_system |
epss |
| scoring_elements |
0.83992 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.02101 |
| scoring_system |
epss |
| scoring_elements |
0.84007 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.02101 |
| scoring_system |
epss |
| scoring_elements |
0.84024 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.02101 |
| scoring_system |
epss |
| scoring_elements |
0.84026 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.02101 |
| scoring_system |
epss |
| scoring_elements |
0.8405 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.02101 |
| scoring_system |
epss |
| scoring_elements |
0.84056 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.02101 |
| scoring_system |
epss |
| scoring_elements |
0.84073 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.02101 |
| scoring_system |
epss |
| scoring_elements |
0.84066 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-2297 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-2297
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mcd2-e66p-j3b7 |
|
| 125 |
| url |
VCID-mcfv-fuk8-cqaq |
| vulnerability_id |
VCID-mcfv-fuk8-cqaq |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which could lead to Denial of Service, bypass intended ACL restrictions or
allow an authenticated user to gain escalated privileges. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-8412 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00597 |
| scoring_system |
epss |
| scoring_elements |
0.69375 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00597 |
| scoring_system |
epss |
| scoring_elements |
0.69307 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00597 |
| scoring_system |
epss |
| scoring_elements |
0.69318 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00597 |
| scoring_system |
epss |
| scoring_elements |
0.69336 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00597 |
| scoring_system |
epss |
| scoring_elements |
0.69316 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00597 |
| scoring_system |
epss |
| scoring_elements |
0.69366 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00597 |
| scoring_system |
epss |
| scoring_elements |
0.69383 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00597 |
| scoring_system |
epss |
| scoring_elements |
0.69405 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00597 |
| scoring_system |
epss |
| scoring_elements |
0.69389 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-8412 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8412
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mcfv-fuk8-cqaq |
|
| 126 |
| url |
VCID-mmng-tcuj-wkhu |
| vulnerability_id |
VCID-mmng-tcuj-wkhu |
| summary |
An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-12228 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62085 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62106 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.61958 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62029 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.6206 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.6203 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.6208 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62097 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00422 |
| scoring_system |
epss |
| scoring_elements |
0.62117 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-12228 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-12228
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mmng-tcuj-wkhu |
|
| 127 |
| url |
VCID-mmqp-yesh-83c1 |
| vulnerability_id |
VCID-mmqp-yesh-83c1 |
| summary |
Multiple vulnerabilities in Asterisk might allow unauthenticated
remote attackers to execute arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2536 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40502 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40583 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.4061 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40532 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40582 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40592 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40611 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40574 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40554 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2536 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-2536
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mmqp-yesh-83c1 |
|
| 128 |
| url |
VCID-n6mj-v1nc-hke9 |
| vulnerability_id |
VCID-n6mj-v1nc-hke9 |
| summary |
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24793 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68474 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68493 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68469 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68519 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68536 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68563 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.6855 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68518 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24793 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24793
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n6mj-v1nc-hke9 |
|
| 129 |
| url |
VCID-nbq8-qr83-qbh7 |
| vulnerability_id |
VCID-nbq8-qr83-qbh7 |
| summary |
Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2005-2081 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57309 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57202 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57283 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57306 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57282 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57333 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57336 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.5735 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.5733 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2005-2081 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2005-2081
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nbq8-qr83-qbh7 |
|
| 130 |
| url |
VCID-nf5d-nejq-mkd9 |
| vulnerability_id |
VCID-nf5d-nejq-mkd9 |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43303 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00454 |
| scoring_system |
epss |
| scoring_elements |
0.63734 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00454 |
| scoring_system |
epss |
| scoring_elements |
0.63795 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00527 |
| scoring_system |
epss |
| scoring_elements |
0.67112 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00527 |
| scoring_system |
epss |
| scoring_elements |
0.67086 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00527 |
| scoring_system |
epss |
| scoring_elements |
0.67136 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00527 |
| scoring_system |
epss |
| scoring_elements |
0.67148 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00527 |
| scoring_system |
epss |
| scoring_elements |
0.67167 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00527 |
| scoring_system |
epss |
| scoring_elements |
0.67153 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00527 |
| scoring_system |
epss |
| scoring_elements |
0.67122 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43303 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-43303
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nf5d-nejq-mkd9 |
|
| 131 |
| url |
VCID-ngds-k5mh-t3ae |
| vulnerability_id |
VCID-ngds-k5mh-t3ae |
| summary |
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-31031 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72444 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72462 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72438 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72476 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72489 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72511 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72494 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72484 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-31031 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-31031
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ngds-k5mh-t3ae |
|
| 132 |
| url |
VCID-nzu7-8h1d-mbbw |
| vulnerability_id |
VCID-nzu7-8h1d-mbbw |
| summary |
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-4597 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00685 |
| scoring_system |
epss |
| scoring_elements |
0.71636 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00685 |
| scoring_system |
epss |
| scoring_elements |
0.71643 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00685 |
| scoring_system |
epss |
| scoring_elements |
0.71661 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00685 |
| scoring_system |
epss |
| scoring_elements |
0.71634 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00685 |
| scoring_system |
epss |
| scoring_elements |
0.71673 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00685 |
| scoring_system |
epss |
| scoring_elements |
0.71684 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00685 |
| scoring_system |
epss |
| scoring_elements |
0.71707 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00685 |
| scoring_system |
epss |
| scoring_elements |
0.71691 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00685 |
| scoring_system |
epss |
| scoring_elements |
0.71672 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-4597 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-4597
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nzu7-8h1d-mbbw |
|
| 133 |
| url |
VCID-p5vz-kq6m-63dd |
| vulnerability_id |
VCID-p5vz-kq6m-63dd |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which could result in a Denial of Service condition. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-17281 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.80258 |
| scoring_system |
epss |
| scoring_elements |
0.99108 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.80258 |
| scoring_system |
epss |
| scoring_elements |
0.99109 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.80258 |
| scoring_system |
epss |
| scoring_elements |
0.99111 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.80258 |
| scoring_system |
epss |
| scoring_elements |
0.99115 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.80258 |
| scoring_system |
epss |
| scoring_elements |
0.99116 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.80258 |
| scoring_system |
epss |
| scoring_elements |
0.99117 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.80258 |
| scoring_system |
epss |
| scoring_elements |
0.99118 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-17281 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-17281
|
| risk_score |
1.4 |
| exploitability |
2.0 |
| weighted_severity |
0.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p5vz-kq6m-63dd |
|
| 134 |
| url |
VCID-p6k6-8gxf-sydp |
| vulnerability_id |
VCID-p6k6-8gxf-sydp |
| summary |
Multiple vulnerabilities have been found in Asterisk allowing for SQL
injection, session hijacking and unauthorized usage. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-6430 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00659 |
| scoring_system |
epss |
| scoring_elements |
0.7102 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00659 |
| scoring_system |
epss |
| scoring_elements |
0.71029 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00659 |
| scoring_system |
epss |
| scoring_elements |
0.71047 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00659 |
| scoring_system |
epss |
| scoring_elements |
0.71022 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00659 |
| scoring_system |
epss |
| scoring_elements |
0.71064 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00659 |
| scoring_system |
epss |
| scoring_elements |
0.71079 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00659 |
| scoring_system |
epss |
| scoring_elements |
0.71102 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00659 |
| scoring_system |
epss |
| scoring_elements |
0.71087 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00659 |
| scoring_system |
epss |
| scoring_elements |
0.7107 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-6430 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-6430
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p6k6-8gxf-sydp |
|
| 135 |
| url |
VCID-phb4-xaj7-byg2 |
| vulnerability_id |
VCID-phb4-xaj7-byg2 |
| summary |
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debug_tools.conf file following bash semantics and it being loaded; an attacker with write permissions may add or modify the file such that when the root ast_coredumper is run; it would source and thereby execute arbitrary bash code found in the /etc/asterisk/ast_debug_tools.conf. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-23741 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10351 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10373 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.1028 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10347 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10245 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10319 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10381 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10412 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-23741 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-23741
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-phb4-xaj7-byg2 |
|
| 136 |
| url |
VCID-pjwr-x9hp-g7dk |
| vulnerability_id |
VCID-pjwr-x9hp-g7dk |
| summary |
Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-4521 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02417 |
| scoring_system |
epss |
| scoring_elements |
0.85042 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02417 |
| scoring_system |
epss |
| scoring_elements |
0.85055 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02417 |
| scoring_system |
epss |
| scoring_elements |
0.85072 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02417 |
| scoring_system |
epss |
| scoring_elements |
0.85076 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02417 |
| scoring_system |
epss |
| scoring_elements |
0.85098 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02417 |
| scoring_system |
epss |
| scoring_elements |
0.85105 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02417 |
| scoring_system |
epss |
| scoring_elements |
0.8512 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02417 |
| scoring_system |
epss |
| scoring_elements |
0.85118 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02417 |
| scoring_system |
epss |
| scoring_elements |
0.85115 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-4521 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-4521
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pjwr-x9hp-g7dk |
|
| 137 |
| url |
VCID-pmte-bc34-pfcv |
| vulnerability_id |
VCID-pmte-bc34-pfcv |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-38703 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.51431 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.5137 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.51424 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.51422 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.51465 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.51444 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.51384 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.51411 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-38703 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-38703
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pmte-bc34-pfcv |
|
| 138 |
| url |
VCID-psbg-wv2x-w7ba |
| vulnerability_id |
VCID-psbg-wv2x-w7ba |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23547 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60283 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60308 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60277 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60327 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60342 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60363 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60349 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.6033 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23547 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-23547
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-psbg-wv2x-w7ba |
|
| 139 |
| url |
VCID-q3py-mykt-4kax |
| vulnerability_id |
VCID-q3py-mykt-4kax |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-49832 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39269 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39245 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00194 |
| scoring_system |
epss |
| scoring_elements |
0.41348 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00194 |
| scoring_system |
epss |
| scoring_elements |
0.41394 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00194 |
| scoring_system |
epss |
| scoring_elements |
0.41362 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00194 |
| scoring_system |
epss |
| scoring_elements |
0.41315 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00194 |
| scoring_system |
epss |
| scoring_elements |
0.41366 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00194 |
| scoring_system |
epss |
| scoring_elements |
0.41373 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-49832 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-49832
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q3py-mykt-4kax |
|
| 140 |
| url |
VCID-q6w8-pqsz-7ud4 |
| vulnerability_id |
VCID-q6w8-pqsz-7ud4 |
| summary |
The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-1595 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00816 |
| scoring_system |
epss |
| scoring_elements |
0.74295 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00816 |
| scoring_system |
epss |
| scoring_elements |
0.7425 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00816 |
| scoring_system |
epss |
| scoring_elements |
0.74255 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00816 |
| scoring_system |
epss |
| scoring_elements |
0.74282 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00816 |
| scoring_system |
epss |
| scoring_elements |
0.74287 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00816 |
| scoring_system |
epss |
| scoring_elements |
0.74302 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00816 |
| scoring_system |
epss |
| scoring_elements |
0.74323 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00816 |
| scoring_system |
epss |
| scoring_elements |
0.74303 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-1595 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-1595
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q6w8-pqsz-7ud4 |
|
| 141 |
| url |
VCID-qcqe-63ev-f7gv |
| vulnerability_id |
VCID-qcqe-63ev-f7gv |
| summary |
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42491 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00963 |
| scoring_system |
epss |
| scoring_elements |
0.76496 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00963 |
| scoring_system |
epss |
| scoring_elements |
0.76545 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00963 |
| scoring_system |
epss |
| scoring_elements |
0.76565 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00963 |
| scoring_system |
epss |
| scoring_elements |
0.76539 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00963 |
| scoring_system |
epss |
| scoring_elements |
0.76528 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00963 |
| scoring_system |
epss |
| scoring_elements |
0.76484 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00963 |
| scoring_system |
epss |
| scoring_elements |
0.76513 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42491 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-42491
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qcqe-63ev-f7gv |
|
| 142 |
| url |
VCID-qksp-5hqu-7qad |
| vulnerability_id |
VCID-qksp-5hqu-7qad |
| summary |
An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7251 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04411 |
| scoring_system |
epss |
| scoring_elements |
0.89019 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.04411 |
| scoring_system |
epss |
| scoring_elements |
0.89022 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.04411 |
| scoring_system |
epss |
| scoring_elements |
0.88965 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.04411 |
| scoring_system |
epss |
| scoring_elements |
0.88973 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.04411 |
| scoring_system |
epss |
| scoring_elements |
0.88989 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.04411 |
| scoring_system |
epss |
| scoring_elements |
0.88992 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.04411 |
| scoring_system |
epss |
| scoring_elements |
0.8901 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.04411 |
| scoring_system |
epss |
| scoring_elements |
0.89015 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.04411 |
| scoring_system |
epss |
| scoring_elements |
0.89026 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-7251 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-7251
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qksp-5hqu-7qad |
|
| 143 |
| url |
VCID-qpwr-bqps-77cc |
| vulnerability_id |
VCID-qpwr-bqps-77cc |
| summary |
Multiple vulnerabilities in Asterisk might allow remote attackers
to execute arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-2947 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04301 |
| scoring_system |
epss |
| scoring_elements |
0.88823 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.04301 |
| scoring_system |
epss |
| scoring_elements |
0.88832 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.04301 |
| scoring_system |
epss |
| scoring_elements |
0.88848 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.04301 |
| scoring_system |
epss |
| scoring_elements |
0.8885 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.04301 |
| scoring_system |
epss |
| scoring_elements |
0.88867 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.04301 |
| scoring_system |
epss |
| scoring_elements |
0.88873 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.04301 |
| scoring_system |
epss |
| scoring_elements |
0.88884 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.04301 |
| scoring_system |
epss |
| scoring_elements |
0.88879 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-2947 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-2947
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qpwr-bqps-77cc |
|
| 144 |
| url |
VCID-qsqz-g9fv-6bgg |
| vulnerability_id |
VCID-qsqz-g9fv-6bgg |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which may allow execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2264 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.3833 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38291 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38429 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38453 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38317 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38367 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38375 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38392 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38355 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2264 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
|
| 130 |
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
|
| 135 |
|
| 136 |
|
| 137 |
|
| 138 |
|
| 139 |
|
| 140 |
|
| 141 |
|
| 142 |
|
| 143 |
|
| 144 |
|
| 145 |
|
| 146 |
|
| 147 |
|
| 148 |
|
| 149 |
|
| 150 |
|
| 151 |
|
| 152 |
|
| 153 |
|
| 154 |
|
| 155 |
|
| 156 |
|
| 157 |
|
| 158 |
|
| 159 |
|
| 160 |
|
| 161 |
|
| 162 |
|
| 163 |
|
| 164 |
|
| 165 |
|
| 166 |
|
| 167 |
|
| 168 |
|
| 169 |
|
| 170 |
|
| 171 |
|
| 172 |
|
| 173 |
|
| 174 |
|
| 175 |
|
| 176 |
|
| 177 |
|
| 178 |
|
| 179 |
|
| 180 |
|
| 181 |
|
| 182 |
|
| 183 |
|
| 184 |
|
| 185 |
|
| 186 |
|
| 187 |
|
| 188 |
|
| 189 |
|
| 190 |
|
| 191 |
|
| 192 |
|
| 193 |
|
| 194 |
|
| 195 |
|
| 196 |
|
| 197 |
|
| 198 |
|
| 199 |
|
| 200 |
|
| 201 |
|
| 202 |
|
| 203 |
|
| 204 |
|
| 205 |
|
| 206 |
|
| 207 |
|
| 208 |
|
| 209 |
|
| 210 |
|
| 211 |
|
| 212 |
|
| 213 |
|
| 214 |
|
| 215 |
|
| 216 |
|
| 217 |
|
| 218 |
|
| 219 |
|
| 220 |
|
| 221 |
|
| 222 |
|
| 223 |
|
| 224 |
|
| 225 |
|
| 226 |
|
| 227 |
|
| 228 |
|
| 229 |
|
| 230 |
|
| 231 |
|
| 232 |
|
| 233 |
|
| 234 |
|
| 235 |
|
| 236 |
|
| 237 |
|
| 238 |
|
| 239 |
|
| 240 |
|
| 241 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-2264
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qsqz-g9fv-6bgg |
|
| 145 |
| url |
VCID-r1sd-avzd-d7gv |
| vulnerability_id |
VCID-r1sd-avzd-d7gv |
| summary |
Asterisk is vulnerable to the remote execution of arbitrary code or a
Denial of Service. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2006-5444 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.87055 |
| scoring_system |
epss |
| scoring_elements |
0.99436 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.87055 |
| scoring_system |
epss |
| scoring_elements |
0.99435 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.87055 |
| scoring_system |
epss |
| scoring_elements |
0.99437 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.87055 |
| scoring_system |
epss |
| scoring_elements |
0.99439 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.87055 |
| scoring_system |
epss |
| scoring_elements |
0.9944 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.87055 |
| scoring_system |
epss |
| scoring_elements |
0.99441 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2006-5444 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2006-5444
|
| risk_score |
1.6 |
| exploitability |
2.0 |
| weighted_severity |
0.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r1sd-avzd-d7gv |
|
| 146 |
| url |
VCID-r54j-ydjm-4uca |
| vulnerability_id |
VCID-r54j-ydjm-4uca |
| summary |
Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privileged user who has the ability to manage the configuration. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-57520 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03515 |
| scoring_system |
epss |
| scoring_elements |
0.87634 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.03515 |
| scoring_system |
epss |
| scoring_elements |
0.87624 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.03515 |
| scoring_system |
epss |
| scoring_elements |
0.8763 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.03515 |
| scoring_system |
epss |
| scoring_elements |
0.87641 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.03515 |
| scoring_system |
epss |
| scoring_elements |
0.87636 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.03515 |
| scoring_system |
epss |
| scoring_elements |
0.87588 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.03515 |
| scoring_system |
epss |
| scoring_elements |
0.87601 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.03515 |
| scoring_system |
epss |
| scoring_elements |
0.87604 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-57520 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-57520
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r54j-ydjm-4uca |
|
| 147 |
| url |
VCID-r6s6-y3q8-vydc |
| vulnerability_id |
VCID-r6s6-y3q8-vydc |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which allows remote execution of arbitrary shell commands. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-14099 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00368 |
| scoring_system |
epss |
| scoring_elements |
0.58598 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00368 |
| scoring_system |
epss |
| scoring_elements |
0.58681 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00368 |
| scoring_system |
epss |
| scoring_elements |
0.58702 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00368 |
| scoring_system |
epss |
| scoring_elements |
0.58669 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00368 |
| scoring_system |
epss |
| scoring_elements |
0.58721 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00368 |
| scoring_system |
epss |
| scoring_elements |
0.58727 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00368 |
| scoring_system |
epss |
| scoring_elements |
0.58746 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00368 |
| scoring_system |
epss |
| scoring_elements |
0.58707 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-14099 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-14099
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r6s6-y3q8-vydc |
|
| 148 |
| url |
VCID-r8b9-jcqa-xyb2 |
| vulnerability_id |
VCID-r8b9-jcqa-xyb2 |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35776 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.24665 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.24741 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.24781 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.24553 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.24625 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.24671 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.24686 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.24645 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.24589 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35776 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-35776
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r8b9-jcqa-xyb2 |
|
| 149 |
| url |
VCID-rb5h-mvxt-7qhv |
| vulnerability_id |
VCID-rb5h-mvxt-7qhv |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-3008 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.39025 |
| scoring_system |
epss |
| scoring_elements |
0.97249 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.39025 |
| scoring_system |
epss |
| scoring_elements |
0.97255 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.39025 |
| scoring_system |
epss |
| scoring_elements |
0.9726 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.39025 |
| scoring_system |
epss |
| scoring_elements |
0.97261 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.39025 |
| scoring_system |
epss |
| scoring_elements |
0.97268 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.39025 |
| scoring_system |
epss |
| scoring_elements |
0.97269 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.39025 |
| scoring_system |
epss |
| scoring_elements |
0.97272 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.39025 |
| scoring_system |
epss |
| scoring_elements |
0.97273 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.39025 |
| scoring_system |
epss |
| scoring_elements |
0.97274 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-3008 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-3008
|
| risk_score |
0.2 |
| exploitability |
0.5 |
| weighted_severity |
0.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rb5h-mvxt-7qhv |
|
| 150 |
| url |
VCID-rb9n-t857-1uac |
| vulnerability_id |
VCID-rb9n-t857-1uac |
| summary |
Multiple vulnerabilities have been found in Asterisk allowing for SQL
injection, session hijacking and unauthorized usage. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1332 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01064 |
| scoring_system |
epss |
| scoring_elements |
0.77612 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01064 |
| scoring_system |
epss |
| scoring_elements |
0.77619 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01064 |
| scoring_system |
epss |
| scoring_elements |
0.77646 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01064 |
| scoring_system |
epss |
| scoring_elements |
0.77629 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01064 |
| scoring_system |
epss |
| scoring_elements |
0.77657 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01064 |
| scoring_system |
epss |
| scoring_elements |
0.77662 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01064 |
| scoring_system |
epss |
| scoring_elements |
0.77688 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01064 |
| scoring_system |
epss |
| scoring_elements |
0.77672 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01064 |
| scoring_system |
epss |
| scoring_elements |
0.77671 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1332 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-1332
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rb9n-t857-1uac |
|
| 151 |
| url |
VCID-re5z-334n-e7a2 |
| vulnerability_id |
VCID-re5z-334n-e7a2 |
| summary |
Multiple vulnerabilities have been found in Asterisk allowing for Denial of
Service and username disclosure. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1897 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03049 |
| scoring_system |
epss |
| scoring_elements |
0.8663 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.03049 |
| scoring_system |
epss |
| scoring_elements |
0.86641 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.03049 |
| scoring_system |
epss |
| scoring_elements |
0.8666 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.03049 |
| scoring_system |
epss |
| scoring_elements |
0.86678 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.03049 |
| scoring_system |
epss |
| scoring_elements |
0.86688 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.03049 |
| scoring_system |
epss |
| scoring_elements |
0.86702 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.03049 |
| scoring_system |
epss |
| scoring_elements |
0.86699 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.03049 |
| scoring_system |
epss |
| scoring_elements |
0.86692 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1897 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-1897
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-re5z-334n-e7a2 |
|
| 152 |
| url |
VCID-rn9b-2scp-byf5 |
| vulnerability_id |
VCID-rn9b-2scp-byf5 |
| summary |
asterisk: remote DoS on receipt of malformed RTP text frames |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-2651 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.216 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21826 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21579 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21656 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21713 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21725 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21686 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21628 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-2651 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-2651
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rn9b-2scp-byf5 |
|
| 153 |
| url |
VCID-rwug-45gf-s3bz |
| vulnerability_id |
VCID-rwug-45gf-s3bz |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-7284 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.65243 |
| scoring_system |
epss |
| scoring_elements |
0.98469 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.65243 |
| scoring_system |
epss |
| scoring_elements |
0.98471 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.65243 |
| scoring_system |
epss |
| scoring_elements |
0.98474 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.65243 |
| scoring_system |
epss |
| scoring_elements |
0.98475 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.65243 |
| scoring_system |
epss |
| scoring_elements |
0.98479 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.65243 |
| scoring_system |
epss |
| scoring_elements |
0.9848 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.65243 |
| scoring_system |
epss |
| scoring_elements |
0.98483 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.65243 |
| scoring_system |
epss |
| scoring_elements |
0.98482 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-7284 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-7284
|
| risk_score |
1.2 |
| exploitability |
2.0 |
| weighted_severity |
0.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rwug-45gf-s3bz |
|
| 154 |
| url |
VCID-s3p6-93jg-p7c3 |
| vulnerability_id |
VCID-s3p6-93jg-p7c3 |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the
worst of which could allow privileged users to execute arbitrary system
shell commands. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-4046 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01378 |
| scoring_system |
epss |
| scoring_elements |
0.80256 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01378 |
| scoring_system |
epss |
| scoring_elements |
0.80203 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01378 |
| scoring_system |
epss |
| scoring_elements |
0.80211 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01378 |
| scoring_system |
epss |
| scoring_elements |
0.80231 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01378 |
| scoring_system |
epss |
| scoring_elements |
0.8022 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01378 |
| scoring_system |
epss |
| scoring_elements |
0.80248 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01378 |
| scoring_system |
epss |
| scoring_elements |
0.80258 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01378 |
| scoring_system |
epss |
| scoring_elements |
0.80277 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01378 |
| scoring_system |
epss |
| scoring_elements |
0.80261 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-4046 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-4046
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s3p6-93jg-p7c3 |
|
| 155 |
| url |
VCID-s7qt-9z8z-y7bx |
| vulnerability_id |
VCID-s7qt-9z8z-y7bx |
| summary |
Multiple vulnerabilities in Asterisk might allow unauthenticated
remote attackers to execute arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2665 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02315 |
| scoring_system |
epss |
| scoring_elements |
0.8471 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02315 |
| scoring_system |
epss |
| scoring_elements |
0.84725 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02315 |
| scoring_system |
epss |
| scoring_elements |
0.84744 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02315 |
| scoring_system |
epss |
| scoring_elements |
0.84746 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02315 |
| scoring_system |
epss |
| scoring_elements |
0.84769 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02315 |
| scoring_system |
epss |
| scoring_elements |
0.84775 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02315 |
| scoring_system |
epss |
| scoring_elements |
0.84793 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02315 |
| scoring_system |
epss |
| scoring_elements |
0.84789 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02315 |
| scoring_system |
epss |
| scoring_elements |
0.84783 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2665 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-2665
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s7qt-9z8z-y7bx |
|
| 156 |
| url |
VCID-sb1c-cz2g-dycu |
| vulnerability_id |
VCID-sb1c-cz2g-dycu |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which may allow execution of arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-7100 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02551 |
| scoring_system |
epss |
| scoring_elements |
0.85415 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02551 |
| scoring_system |
epss |
| scoring_elements |
0.85427 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02551 |
| scoring_system |
epss |
| scoring_elements |
0.85447 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02551 |
| scoring_system |
epss |
| scoring_elements |
0.85451 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02551 |
| scoring_system |
epss |
| scoring_elements |
0.85471 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02551 |
| scoring_system |
epss |
| scoring_elements |
0.8548 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02551 |
| scoring_system |
epss |
| scoring_elements |
0.85494 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02551 |
| scoring_system |
epss |
| scoring_elements |
0.85492 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02551 |
| scoring_system |
epss |
| scoring_elements |
0.85489 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-7100 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-7100
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sb1c-cz2g-dycu |
|
| 157 |
| url |
VCID-sqgd-ykvk-2qay |
| vulnerability_id |
VCID-sqgd-ykvk-2qay |
| summary |
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-8416 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01066 |
| scoring_system |
epss |
| scoring_elements |
0.77695 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01066 |
| scoring_system |
epss |
| scoring_elements |
0.77637 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01066 |
| scoring_system |
epss |
| scoring_elements |
0.77644 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01066 |
| scoring_system |
epss |
| scoring_elements |
0.77671 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01066 |
| scoring_system |
epss |
| scoring_elements |
0.77653 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01066 |
| scoring_system |
epss |
| scoring_elements |
0.77681 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01066 |
| scoring_system |
epss |
| scoring_elements |
0.77687 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01066 |
| scoring_system |
epss |
| scoring_elements |
0.77713 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01066 |
| scoring_system |
epss |
| scoring_elements |
0.77696 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-8416 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-8416
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sqgd-ykvk-2qay |
|
| 158 |
| url |
VCID-sw4t-1yct-ffbd |
| vulnerability_id |
VCID-sw4t-1yct-ffbd |
| summary |
Multiple vulnerabilities in Asterisk might allow remote attackers
to execute arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-2948 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03932 |
| scoring_system |
epss |
| scoring_elements |
0.88276 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.03932 |
| scoring_system |
epss |
| scoring_elements |
0.88285 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.03932 |
| scoring_system |
epss |
| scoring_elements |
0.88299 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.03932 |
| scoring_system |
epss |
| scoring_elements |
0.88303 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.03932 |
| scoring_system |
epss |
| scoring_elements |
0.88323 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.03932 |
| scoring_system |
epss |
| scoring_elements |
0.88329 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.03932 |
| scoring_system |
epss |
| scoring_elements |
0.88339 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.03932 |
| scoring_system |
epss |
| scoring_elements |
0.88331 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-2948 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-2948
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sw4t-1yct-ffbd |
|
| 159 |
| url |
VCID-tekr-xkck-pkfu |
| vulnerability_id |
VCID-tekr-xkck-pkfu |
| summary |
Multiple vulnerabilities in Asterisk might allow remote attackers to cause
a Denial of Service condition, or conduct other attacks. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-7220 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.10024 |
| scoring_system |
epss |
| scoring_elements |
0.93033 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.10024 |
| scoring_system |
epss |
| scoring_elements |
0.93041 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.10024 |
| scoring_system |
epss |
| scoring_elements |
0.93045 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.10024 |
| scoring_system |
epss |
| scoring_elements |
0.93053 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.10024 |
| scoring_system |
epss |
| scoring_elements |
0.93058 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.10024 |
| scoring_system |
epss |
| scoring_elements |
0.93063 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.10024 |
| scoring_system |
epss |
| scoring_elements |
0.9306 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.10024 |
| scoring_system |
epss |
| scoring_elements |
0.93062 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-7220 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-7220
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tekr-xkck-pkfu |
|
| 160 |
| url |
VCID-tmja-qaa1-8kex |
| vulnerability_id |
VCID-tmja-qaa1-8kex |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-57767 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.26876 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.2707 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.26861 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.26929 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.26976 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.26979 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.26934 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00102 |
| scoring_system |
epss |
| scoring_elements |
0.28205 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-57767 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-57767
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tmja-qaa1-8kex |
|
| 161 |
| url |
VCID-tqwd-ffwc-mkd1 |
| vulnerability_id |
VCID-tqwd-ffwc-mkd1 |
| summary |
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24792 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01621 |
| scoring_system |
epss |
| scoring_elements |
0.81774 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.01621 |
| scoring_system |
epss |
| scoring_elements |
0.81797 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.01621 |
| scoring_system |
epss |
| scoring_elements |
0.81795 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.01621 |
| scoring_system |
epss |
| scoring_elements |
0.81821 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.01621 |
| scoring_system |
epss |
| scoring_elements |
0.81828 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.01621 |
| scoring_system |
epss |
| scoring_elements |
0.81847 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.01621 |
| scoring_system |
epss |
| scoring_elements |
0.81835 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.01621 |
| scoring_system |
epss |
| scoring_elements |
0.81829 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24792 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24792
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tqwd-ffwc-mkd1 |
|
| 162 |
| url |
VCID-ttmk-fs9h-hufh |
| vulnerability_id |
VCID-ttmk-fs9h-hufh |
| summary |
An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-7287 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.33107 |
| scoring_system |
epss |
| scoring_elements |
0.96867 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.33107 |
| scoring_system |
epss |
| scoring_elements |
0.96874 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.33107 |
| scoring_system |
epss |
| scoring_elements |
0.96879 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.33107 |
| scoring_system |
epss |
| scoring_elements |
0.96884 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.33107 |
| scoring_system |
epss |
| scoring_elements |
0.96892 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.33107 |
| scoring_system |
epss |
| scoring_elements |
0.96893 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.33107 |
| scoring_system |
epss |
| scoring_elements |
0.96896 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.33107 |
| scoring_system |
epss |
| scoring_elements |
0.96898 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.33107 |
| scoring_system |
epss |
| scoring_elements |
0.96899 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-7287 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-7287
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ttmk-fs9h-hufh |
|
| 163 |
| url |
VCID-tw8d-u845-r3dq |
| vulnerability_id |
VCID-tw8d-u845-r3dq |
| summary |
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24754 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00466 |
| scoring_system |
epss |
| scoring_elements |
0.64356 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00466 |
| scoring_system |
epss |
| scoring_elements |
0.64385 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00466 |
| scoring_system |
epss |
| scoring_elements |
0.64344 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00466 |
| scoring_system |
epss |
| scoring_elements |
0.64393 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00466 |
| scoring_system |
epss |
| scoring_elements |
0.64408 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00466 |
| scoring_system |
epss |
| scoring_elements |
0.6442 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00466 |
| scoring_system |
epss |
| scoring_elements |
0.64379 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24754 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24754
|
| risk_score |
3.9 |
| exploitability |
0.5 |
| weighted_severity |
7.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tw8d-u845-r3dq |
|
| 164 |
| url |
VCID-tyh4-14zn-63ez |
| vulnerability_id |
VCID-tyh4-14zn-63ez |
| summary |
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-28242 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61018 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61095 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61124 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61089 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61138 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61153 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61174 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.6116 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61141 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-28242 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-28242
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tyh4-14zn-63ez |
|
| 165 |
| url |
VCID-u4gv-ss9p-sqe9 |
| vulnerability_id |
VCID-u4gv-ss9p-sqe9 |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which allows remote execution of arbitrary shell commands. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-14098 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.40123 |
| scoring_system |
epss |
| scoring_elements |
0.97314 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.40123 |
| scoring_system |
epss |
| scoring_elements |
0.9732 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.40123 |
| scoring_system |
epss |
| scoring_elements |
0.97324 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.40123 |
| scoring_system |
epss |
| scoring_elements |
0.97325 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.40123 |
| scoring_system |
epss |
| scoring_elements |
0.97332 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.40123 |
| scoring_system |
epss |
| scoring_elements |
0.97334 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.40123 |
| scoring_system |
epss |
| scoring_elements |
0.97335 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.40123 |
| scoring_system |
epss |
| scoring_elements |
0.97336 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-14098 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-14098
|
| risk_score |
0.2 |
| exploitability |
0.5 |
| weighted_severity |
0.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u4gv-ss9p-sqe9 |
|
| 166 |
| url |
VCID-u91b-9huy-43hn |
| vulnerability_id |
VCID-u91b-9huy-43hn |
| summary |
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-47779 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00279 |
| scoring_system |
epss |
| scoring_elements |
0.51324 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00279 |
| scoring_system |
epss |
| scoring_elements |
0.51316 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00279 |
| scoring_system |
epss |
| scoring_elements |
0.51359 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00279 |
| scoring_system |
epss |
| scoring_elements |
0.51338 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00279 |
| scoring_system |
epss |
| scoring_elements |
0.51279 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00279 |
| scoring_system |
epss |
| scoring_elements |
0.51304 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00279 |
| scoring_system |
epss |
| scoring_elements |
0.51264 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00279 |
| scoring_system |
epss |
| scoring_elements |
0.51319 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-47779 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-47779
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
6.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u91b-9huy-43hn |
|
| 167 |
| url |
VCID-u99q-b5ug-jyd5 |
| vulnerability_id |
VCID-u99q-b5ug-jyd5 |
| summary |
Multiple vulnerabilities have been found in Asterisk allowing for Denial of
Service and username disclosure. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3903 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72688 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72637 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72645 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72662 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.7264 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72679 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72692 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72715 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72698 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-3903 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-3903
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u99q-b5ug-jyd5 |
|
| 168 |
| url |
VCID-u9xx-wevm-ufdh |
| vulnerability_id |
VCID-u9xx-wevm-ufdh |
| summary |
Multiple vulnerabilities in Asterisk might allow unauthenticated
remote attackers to execute arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2529 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03361 |
| scoring_system |
epss |
| scoring_elements |
0.87294 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.03361 |
| scoring_system |
epss |
| scoring_elements |
0.87304 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.03361 |
| scoring_system |
epss |
| scoring_elements |
0.8732 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.03361 |
| scoring_system |
epss |
| scoring_elements |
0.87319 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.03361 |
| scoring_system |
epss |
| scoring_elements |
0.87338 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.03361 |
| scoring_system |
epss |
| scoring_elements |
0.87345 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.03361 |
| scoring_system |
epss |
| scoring_elements |
0.87358 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.03361 |
| scoring_system |
epss |
| scoring_elements |
0.87352 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.03361 |
| scoring_system |
epss |
| scoring_elements |
0.87348 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2529 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-2529
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u9xx-wevm-ufdh |
|
| 169 |
| url |
VCID-urhv-6gz3-u7fr |
| vulnerability_id |
VCID-urhv-6gz3-u7fr |
| summary |
Multiple vulnerabilities in Asterisk might allow unauthenticated
remote attackers to execute arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1599 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00338 |
| scoring_system |
epss |
| scoring_elements |
0.56651 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00338 |
| scoring_system |
epss |
| scoring_elements |
0.56536 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00338 |
| scoring_system |
epss |
| scoring_elements |
0.56633 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00338 |
| scoring_system |
epss |
| scoring_elements |
0.56654 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00338 |
| scoring_system |
epss |
| scoring_elements |
0.56632 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00338 |
| scoring_system |
epss |
| scoring_elements |
0.56684 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00338 |
| scoring_system |
epss |
| scoring_elements |
0.56689 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00338 |
| scoring_system |
epss |
| scoring_elements |
0.56697 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00338 |
| scoring_system |
epss |
| scoring_elements |
0.56672 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1599 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
|
| 130 |
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
|
| 135 |
|
| 136 |
|
| 137 |
|
| 138 |
|
| 139 |
|
| 140 |
|
| 141 |
|
| 142 |
|
| 143 |
|
| 144 |
|
| 145 |
|
| 146 |
|
| 147 |
|
| 148 |
|
| 149 |
|
| 150 |
|
| 151 |
|
| 152 |
|
| 153 |
|
| 154 |
|
| 155 |
|
| 156 |
|
| 157 |
|
| 158 |
|
| 159 |
|
| 160 |
|
| 161 |
|
| 162 |
|
| 163 |
|
| 164 |
|
| 165 |
|
| 166 |
|
| 167 |
|
| 168 |
|
| 169 |
|
| 170 |
|
| 171 |
|
| 172 |
|
| 173 |
|
| 174 |
|
| 175 |
|
| 176 |
|
| 177 |
|
| 178 |
|
| 179 |
|
| 180 |
|
| 181 |
|
| 182 |
|
| 183 |
|
| 184 |
|
| 185 |
|
| 186 |
|
| 187 |
|
| 188 |
|
| 189 |
|
| 190 |
|
| 191 |
|
| 192 |
|
| 193 |
|
| 194 |
|
| 195 |
|
| 196 |
|
| 197 |
|
| 198 |
|
| 199 |
|
| 200 |
|
| 201 |
|
| 202 |
|
| 203 |
|
| 204 |
|
| 205 |
|
| 206 |
|
| 207 |
|
| 208 |
|
| 209 |
|
| 210 |
|
| 211 |
|
| 212 |
|
| 213 |
|
| 214 |
|
| 215 |
|
| 216 |
|
| 217 |
|
| 218 |
|
| 219 |
|
| 220 |
|
| 221 |
|
| 222 |
|
| 223 |
|
| 224 |
|
| 225 |
|
| 226 |
|
| 227 |
|
| 228 |
|
| 229 |
|
| 230 |
|
| 231 |
|
| 232 |
|
| 233 |
|
| 234 |
|
| 235 |
|
| 236 |
|
| 237 |
|
| 238 |
|
| 239 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-1599
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-urhv-6gz3-u7fr |
|
| 170 |
| url |
VCID-v7ev-jtsg-cqdg |
| vulnerability_id |
VCID-v7ev-jtsg-cqdg |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-46837 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.32972 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.33102 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.33135 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.32965 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.33011 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.33041 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.33045 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.33006 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00134 |
| scoring_system |
epss |
| scoring_elements |
0.32981 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-46837 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-46837
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v7ev-jtsg-cqdg |
|
| 171 |
| url |
VCID-vwf4-v4ve-4yfh |
| vulnerability_id |
VCID-vwf4-v4ve-4yfh |
| summary |
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-39244 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00325 |
| scoring_system |
epss |
| scoring_elements |
0.55475 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00325 |
| scoring_system |
epss |
| scoring_elements |
0.555 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00325 |
| scoring_system |
epss |
| scoring_elements |
0.55478 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00325 |
| scoring_system |
epss |
| scoring_elements |
0.5553 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00325 |
| scoring_system |
epss |
| scoring_elements |
0.55539 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00325 |
| scoring_system |
epss |
| scoring_elements |
0.55519 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00325 |
| scoring_system |
epss |
| scoring_elements |
0.55502 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-39244 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-39244
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vwf4-v4ve-4yfh |
|
| 172 |
| url |
VCID-w7ce-jd16-xbbs |
| vulnerability_id |
VCID-w7ce-jd16-xbbs |
| summary |
Multiple vulnerabilities have been found in Asterisk allowing for SQL
injection, session hijacking and unauthorized usage. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-6170 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.5863 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.58651 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.58669 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.5865 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.58593 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.58645 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62346 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62376 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00427 |
| scoring_system |
epss |
| scoring_elements |
0.62288 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-6170 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-6170
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w7ce-jd16-xbbs |
|
| 173 |
| url |
VCID-w94b-nwsf-wkg3 |
| vulnerability_id |
VCID-w94b-nwsf-wkg3 |
| summary |
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1923 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01525 |
| scoring_system |
epss |
| scoring_elements |
0.81217 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01525 |
| scoring_system |
epss |
| scoring_elements |
0.81226 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01525 |
| scoring_system |
epss |
| scoring_elements |
0.81249 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01525 |
| scoring_system |
epss |
| scoring_elements |
0.81247 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01525 |
| scoring_system |
epss |
| scoring_elements |
0.81276 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01525 |
| scoring_system |
epss |
| scoring_elements |
0.81281 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01525 |
| scoring_system |
epss |
| scoring_elements |
0.81301 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01525 |
| scoring_system |
epss |
| scoring_elements |
0.81288 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01525 |
| scoring_system |
epss |
| scoring_elements |
0.8128 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1923 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-1923
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w94b-nwsf-wkg3 |
|
| 174 |
| url |
VCID-w9ce-m3x8-n3ak |
| vulnerability_id |
VCID-w9ce-m3x8-n3ak |
| summary |
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24786 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.72929 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.72948 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.72925 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.72962 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.72975 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.73 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.7298 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00743 |
| scoring_system |
epss |
| scoring_elements |
0.72973 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24786 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24786
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w9ce-m3x8-n3ak |
|
| 175 |
| url |
VCID-w9e8-ekah-wfg2 |
| vulnerability_id |
VCID-w9e8-ekah-wfg2 |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which could result in a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-17850 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.29958 |
| scoring_system |
epss |
| scoring_elements |
0.96649 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.29958 |
| scoring_system |
epss |
| scoring_elements |
0.96634 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.29958 |
| scoring_system |
epss |
| scoring_elements |
0.96641 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.29958 |
| scoring_system |
epss |
| scoring_elements |
0.96643 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.29958 |
| scoring_system |
epss |
| scoring_elements |
0.96646 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.67457 |
| scoring_system |
epss |
| scoring_elements |
0.98558 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.67457 |
| scoring_system |
epss |
| scoring_elements |
0.9856 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.67457 |
| scoring_system |
epss |
| scoring_elements |
0.98563 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-17850 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-17850
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w9e8-ekah-wfg2 |
|
| 176 |
| url |
VCID-wbrs-de57-1bd9 |
| vulnerability_id |
VCID-wbrs-de57-1bd9 |
| summary |
Multiple buffer overflows in Asterisk might allow remote attackers
to cause a Denial of Service condition. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-2289 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03701 |
| scoring_system |
epss |
| scoring_elements |
0.87898 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.03701 |
| scoring_system |
epss |
| scoring_elements |
0.87908 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.03701 |
| scoring_system |
epss |
| scoring_elements |
0.87922 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.03701 |
| scoring_system |
epss |
| scoring_elements |
0.87925 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.03701 |
| scoring_system |
epss |
| scoring_elements |
0.87946 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.03701 |
| scoring_system |
epss |
| scoring_elements |
0.87952 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.03701 |
| scoring_system |
epss |
| scoring_elements |
0.87963 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.03701 |
| scoring_system |
epss |
| scoring_elements |
0.87955 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-2289 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-2289
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wbrs-de57-1bd9 |
|
| 177 |
| url |
VCID-wfgw-5dme-yfan |
| vulnerability_id |
VCID-wfgw-5dme-yfan |
| summary |
Multiple vulnerabilities have been found in Asterisk. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-3762 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.10199 |
| scoring_system |
epss |
| scoring_elements |
0.93102 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.10199 |
| scoring_system |
epss |
| scoring_elements |
0.93111 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.10199 |
| scoring_system |
epss |
| scoring_elements |
0.93115 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.10199 |
| scoring_system |
epss |
| scoring_elements |
0.93114 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.10199 |
| scoring_system |
epss |
| scoring_elements |
0.93122 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.10199 |
| scoring_system |
epss |
| scoring_elements |
0.93127 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.10199 |
| scoring_system |
epss |
| scoring_elements |
0.93132 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.10199 |
| scoring_system |
epss |
| scoring_elements |
0.9313 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.10199 |
| scoring_system |
epss |
| scoring_elements |
0.93131 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-3762 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-3762
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wfgw-5dme-yfan |
|
| 178 |
| url |
VCID-wsh5-yefr-d7ad |
| vulnerability_id |
VCID-wsh5-yefr-d7ad |
| summary |
Asterisk is vulnerable to two Denial of Service issues in the SIP channel. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-1561 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.20671 |
| scoring_system |
epss |
| scoring_elements |
0.95589 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.20671 |
| scoring_system |
epss |
| scoring_elements |
0.95556 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.20671 |
| scoring_system |
epss |
| scoring_elements |
0.95565 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.20671 |
| scoring_system |
epss |
| scoring_elements |
0.9557 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.20671 |
| scoring_system |
epss |
| scoring_elements |
0.95573 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.20671 |
| scoring_system |
epss |
| scoring_elements |
0.9558 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.20671 |
| scoring_system |
epss |
| scoring_elements |
0.95583 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.20671 |
| scoring_system |
epss |
| scoring_elements |
0.95587 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.20671 |
| scoring_system |
epss |
| scoring_elements |
0.95588 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-1561 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-1561
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wsh5-yefr-d7ad |
|
| 179 |
| url |
VCID-wz3z-sq5y-pbd6 |
| vulnerability_id |
VCID-wz3z-sq5y-pbd6 |
| summary |
SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-6171 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40709 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40743 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40762 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40728 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40687 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40737 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00256 |
| scoring_system |
epss |
| scoring_elements |
0.48986 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00256 |
| scoring_system |
epss |
| scoring_elements |
0.49013 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00256 |
| scoring_system |
epss |
| scoring_elements |
0.4895 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-6171 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-6171
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wz3z-sq5y-pbd6 |
|
| 180 |
| url |
VCID-x2gp-mft6-1yhy |
| vulnerability_id |
VCID-x2gp-mft6-1yhy |
| summary |
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-13161 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02171 |
| scoring_system |
epss |
| scoring_elements |
0.84257 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02171 |
| scoring_system |
epss |
| scoring_elements |
0.84269 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02171 |
| scoring_system |
epss |
| scoring_elements |
0.84287 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02171 |
| scoring_system |
epss |
| scoring_elements |
0.84289 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02171 |
| scoring_system |
epss |
| scoring_elements |
0.8431 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02171 |
| scoring_system |
epss |
| scoring_elements |
0.84315 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02171 |
| scoring_system |
epss |
| scoring_elements |
0.84334 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02171 |
| scoring_system |
epss |
| scoring_elements |
0.84326 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02171 |
| scoring_system |
epss |
| scoring_elements |
0.84323 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-13161 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-13161
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x2gp-mft6-1yhy |
|
| 181 |
| url |
VCID-xbe4-uvqu-6kf7 |
| vulnerability_id |
VCID-xbe4-uvqu-6kf7 |
| summary |
Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12827 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.1959 |
| scoring_system |
epss |
| scoring_elements |
0.95377 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.1959 |
| scoring_system |
epss |
| scoring_elements |
0.95386 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.1959 |
| scoring_system |
epss |
| scoring_elements |
0.95392 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.1959 |
| scoring_system |
epss |
| scoring_elements |
0.95397 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.1959 |
| scoring_system |
epss |
| scoring_elements |
0.95404 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.1959 |
| scoring_system |
epss |
| scoring_elements |
0.95406 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.1959 |
| scoring_system |
epss |
| scoring_elements |
0.95411 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.1959 |
| scoring_system |
epss |
| scoring_elements |
0.95413 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12827 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12827
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xbe4-uvqu-6kf7 |
|
| 182 |
| url |
VCID-xcpx-unz5-gqbp |
| vulnerability_id |
VCID-xcpx-unz5-gqbp |
| summary |
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19278 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03349 |
| scoring_system |
epss |
| scoring_elements |
0.87266 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.03349 |
| scoring_system |
epss |
| scoring_elements |
0.87276 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.03349 |
| scoring_system |
epss |
| scoring_elements |
0.87292 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.03349 |
| scoring_system |
epss |
| scoring_elements |
0.8729 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.03349 |
| scoring_system |
epss |
| scoring_elements |
0.87309 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.03349 |
| scoring_system |
epss |
| scoring_elements |
0.87317 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.03349 |
| scoring_system |
epss |
| scoring_elements |
0.87329 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.03349 |
| scoring_system |
epss |
| scoring_elements |
0.87323 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.03349 |
| scoring_system |
epss |
| scoring_elements |
0.87319 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19278 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-19278
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xcpx-unz5-gqbp |
|
| 183 |
| url |
VCID-xqg6-5cn7-4bct |
| vulnerability_id |
VCID-xqg6-5cn7-4bct |
| summary |
Multiple vulnerabilities in Asterisk might allow unauthenticated
remote attackers to execute arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-4063 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06434 |
| scoring_system |
epss |
| scoring_elements |
0.91009 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.06434 |
| scoring_system |
epss |
| scoring_elements |
0.91014 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.06434 |
| scoring_system |
epss |
| scoring_elements |
0.91023 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.06434 |
| scoring_system |
epss |
| scoring_elements |
0.91033 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.06434 |
| scoring_system |
epss |
| scoring_elements |
0.91045 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.06434 |
| scoring_system |
epss |
| scoring_elements |
0.91052 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.06434 |
| scoring_system |
epss |
| scoring_elements |
0.9106 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.06434 |
| scoring_system |
epss |
| scoring_elements |
0.91061 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-4063 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-4063
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xqg6-5cn7-4bct |
|
| 184 |
| url |
VCID-xr4a-tmxe-8fcd |
| vulnerability_id |
VCID-xr4a-tmxe-8fcd |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26712 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0327 |
| scoring_system |
epss |
| scoring_elements |
0.87107 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0327 |
| scoring_system |
epss |
| scoring_elements |
0.87117 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0327 |
| scoring_system |
epss |
| scoring_elements |
0.87134 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0327 |
| scoring_system |
epss |
| scoring_elements |
0.87127 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0327 |
| scoring_system |
epss |
| scoring_elements |
0.87147 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0327 |
| scoring_system |
epss |
| scoring_elements |
0.87155 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0327 |
| scoring_system |
epss |
| scoring_elements |
0.87168 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0327 |
| scoring_system |
epss |
| scoring_elements |
0.87163 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0327 |
| scoring_system |
epss |
| scoring_elements |
0.87158 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26712 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-26712
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xr4a-tmxe-8fcd |
|
| 185 |
| url |
VCID-xt5z-2sgq-4fc4 |
| vulnerability_id |
VCID-xt5z-2sgq-4fc4 |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which may allow execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-5977 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01103 |
| scoring_system |
epss |
| scoring_elements |
0.78069 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01103 |
| scoring_system |
epss |
| scoring_elements |
0.78013 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01103 |
| scoring_system |
epss |
| scoring_elements |
0.78022 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01103 |
| scoring_system |
epss |
| scoring_elements |
0.78051 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01103 |
| scoring_system |
epss |
| scoring_elements |
0.78033 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01103 |
| scoring_system |
epss |
| scoring_elements |
0.78059 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01103 |
| scoring_system |
epss |
| scoring_elements |
0.78064 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01103 |
| scoring_system |
epss |
| scoring_elements |
0.7809 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01103 |
| scoring_system |
epss |
| scoring_elements |
0.78072 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-5977 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
|
| 112 |
|
| 113 |
|
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
|
| 120 |
|
| 121 |
|
| 122 |
|
| 123 |
|
| 124 |
|
| 125 |
|
| 126 |
|
| 127 |
|
| 128 |
|
| 129 |
|
| 130 |
|
| 131 |
|
| 132 |
|
| 133 |
|
| 134 |
|
| 135 |
|
| 136 |
|
| 137 |
|
| 138 |
|
| 139 |
|
| 140 |
|
| 141 |
|
| 142 |
|
| 143 |
|
| 144 |
|
| 145 |
|
| 146 |
|
| 147 |
|
| 148 |
|
| 149 |
|
| 150 |
|
| 151 |
|
| 152 |
|
| 153 |
|
| 154 |
|
| 155 |
|
| 156 |
|
| 157 |
|
| 158 |
|
| 159 |
|
| 160 |
|
| 161 |
|
| 162 |
|
| 163 |
|
| 164 |
|
| 165 |
|
| 166 |
|
| 167 |
|
| 168 |
|
| 169 |
|
| 170 |
|
| 171 |
|
| 172 |
|
| 173 |
|
| 174 |
|
| 175 |
|
| 176 |
|
| 177 |
|
| 178 |
|
| 179 |
|
| 180 |
|
| 181 |
|
| 182 |
|
| 183 |
|
| 184 |
|
| 185 |
|
| 186 |
|
| 187 |
|
| 188 |
|
| 189 |
|
| 190 |
|
| 191 |
|
| 192 |
|
| 193 |
|
| 194 |
|
| 195 |
|
| 196 |
|
| 197 |
|
| 198 |
|
| 199 |
|
| 200 |
|
| 201 |
|
| 202 |
|
| 203 |
|
| 204 |
|
| 205 |
|
| 206 |
|
| 207 |
|
| 208 |
|
| 209 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-5977
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xt5z-2sgq-4fc4 |
|
| 186 |
| url |
VCID-y3vu-z8tx-tubb |
| vulnerability_id |
VCID-y3vu-z8tx-tubb |
| summary |
An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-18976 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37646 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37675 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37547 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37729 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37754 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37632 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37683 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37696 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.3771 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-18976 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-18976
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y3vu-z8tx-tubb |
|
| 187 |
| url |
VCID-y6sx-xqsh-wbcg |
| vulnerability_id |
VCID-y6sx-xqsh-wbcg |
| summary |
Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24764 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00942 |
| scoring_system |
epss |
| scoring_elements |
0.76197 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00942 |
| scoring_system |
epss |
| scoring_elements |
0.76229 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00942 |
| scoring_system |
epss |
| scoring_elements |
0.76209 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00942 |
| scoring_system |
epss |
| scoring_elements |
0.76241 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00942 |
| scoring_system |
epss |
| scoring_elements |
0.76254 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00942 |
| scoring_system |
epss |
| scoring_elements |
0.76281 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00942 |
| scoring_system |
epss |
| scoring_elements |
0.76258 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24764 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24764
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y6sx-xqsh-wbcg |
|
| 188 |
| url |
VCID-ytty-tbs1-ffc7 |
| vulnerability_id |
VCID-ytty-tbs1-ffc7 |
| summary |
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. The endpoint at GET /httpstatus is the potential vulnerable endpoint relating to asterisk/main /http.c. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-23738 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13564 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13611 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13683 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13745 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13546 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13627 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13678 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13648 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-23738 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-23738
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ytty-tbs1-ffc7 |
|
| 189 |
| url |
VCID-yx1m-ayfg-ryc3 |
| vulnerability_id |
VCID-yx1m-ayfg-ryc3 |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43300 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00482 |
| scoring_system |
epss |
| scoring_elements |
0.65068 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00482 |
| scoring_system |
epss |
| scoring_elements |
0.65118 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68217 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68193 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68244 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68259 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68284 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68272 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00559 |
| scoring_system |
epss |
| scoring_elements |
0.68238 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43300 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-43300
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yx1m-ayfg-ryc3 |
|
| 190 |
| url |
VCID-yyjj-7dwq-nueq |
| vulnerability_id |
VCID-yyjj-7dwq-nueq |
| summary |
A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-7285 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67391 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67427 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67448 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67479 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67493 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67516 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67503 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67469 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-7285 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-7285
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yyjj-7dwq-nueq |
|
| 191 |
| url |
VCID-z3fq-m317-ckb8 |
| vulnerability_id |
VCID-z3fq-m317-ckb8 |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-26651 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00436 |
| scoring_system |
epss |
| scoring_elements |
0.62891 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00436 |
| scoring_system |
epss |
| scoring_elements |
0.62921 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00436 |
| scoring_system |
epss |
| scoring_elements |
0.62885 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00436 |
| scoring_system |
epss |
| scoring_elements |
0.62936 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00436 |
| scoring_system |
epss |
| scoring_elements |
0.62952 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00436 |
| scoring_system |
epss |
| scoring_elements |
0.6297 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00436 |
| scoring_system |
epss |
| scoring_elements |
0.62958 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-26651 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-26651
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z3fq-m317-ckb8 |
|
| 192 |
| url |
VCID-zabf-adce-sqde |
| vulnerability_id |
VCID-zabf-adce-sqde |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-42705 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01567 |
| scoring_system |
epss |
| scoring_elements |
0.8146 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.01567 |
| scoring_system |
epss |
| scoring_elements |
0.81482 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.01567 |
| scoring_system |
epss |
| scoring_elements |
0.81479 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.01567 |
| scoring_system |
epss |
| scoring_elements |
0.81507 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.01567 |
| scoring_system |
epss |
| scoring_elements |
0.81513 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.01567 |
| scoring_system |
epss |
| scoring_elements |
0.81533 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.01567 |
| scoring_system |
epss |
| scoring_elements |
0.8152 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-42705 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-42705
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zabf-adce-sqde |
|
| 193 |
| url |
VCID-zbwp-f5me-jqhu |
| vulnerability_id |
VCID-zbwp-f5me-jqhu |
| summary |
Multiple buffer overflows in Asterisk might allow remote attackers
to cause a Denial of Service condition. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-2286 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.14756 |
| scoring_system |
epss |
| scoring_elements |
0.94458 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.14756 |
| scoring_system |
epss |
| scoring_elements |
0.94465 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.14756 |
| scoring_system |
epss |
| scoring_elements |
0.94473 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.14756 |
| scoring_system |
epss |
| scoring_elements |
0.94475 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.14756 |
| scoring_system |
epss |
| scoring_elements |
0.94484 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.14756 |
| scoring_system |
epss |
| scoring_elements |
0.94488 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.14756 |
| scoring_system |
epss |
| scoring_elements |
0.94492 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.14756 |
| scoring_system |
epss |
| scoring_elements |
0.94494 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.14756 |
| scoring_system |
epss |
| scoring_elements |
0.94493 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-2286 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-2286
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zbwp-f5me-jqhu |
|
| 194 |
| url |
VCID-zgqk-kej8-qkhg |
| vulnerability_id |
VCID-zgqk-kej8-qkhg |
| summary |
A vulnerability in Asterisk could allow a remote attacker to cause
a Denial of Service condition. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-0885 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77549 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77556 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77582 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77562 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77592 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77599 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77626 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.7761 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77609 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-0885 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-0885
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zgqk-kej8-qkhg |
|
| 195 |
| url |
VCID-zkuy-4hqk-vkca |
| vulnerability_id |
VCID-zkuy-4hqk-vkca |
| summary |
Multiple vulnerabilities have been found in Asterisk allowing for Denial of
Service and username disclosure. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-5558 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02095 |
| scoring_system |
epss |
| scoring_elements |
0.8404 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.02095 |
| scoring_system |
epss |
| scoring_elements |
0.83973 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.02095 |
| scoring_system |
epss |
| scoring_elements |
0.83987 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.02095 |
| scoring_system |
epss |
| scoring_elements |
0.84002 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.02095 |
| scoring_system |
epss |
| scoring_elements |
0.84005 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.02095 |
| scoring_system |
epss |
| scoring_elements |
0.84028 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.02095 |
| scoring_system |
epss |
| scoring_elements |
0.84035 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.02095 |
| scoring_system |
epss |
| scoring_elements |
0.84052 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.02095 |
| scoring_system |
epss |
| scoring_elements |
0.84045 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-5558 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-5558
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zkuy-4hqk-vkca |
|
| 196 |
| url |
VCID-zn8s-5jkp-bkbr |
| vulnerability_id |
VCID-zn8s-5jkp-bkbr |
| summary |
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-2294 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04612 |
| scoring_system |
epss |
| scoring_elements |
0.89258 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.04612 |
| scoring_system |
epss |
| scoring_elements |
0.89211 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.04612 |
| scoring_system |
epss |
| scoring_elements |
0.89216 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.04612 |
| scoring_system |
epss |
| scoring_elements |
0.89231 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.04612 |
| scoring_system |
epss |
| scoring_elements |
0.89233 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.04612 |
| scoring_system |
epss |
| scoring_elements |
0.89251 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.04612 |
| scoring_system |
epss |
| scoring_elements |
0.89255 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.04612 |
| scoring_system |
epss |
| scoring_elements |
0.89265 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.04612 |
| scoring_system |
epss |
| scoring_elements |
0.89261 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-2294 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-2294
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zn8s-5jkp-bkbr |
|
| 197 |
| url |
VCID-zr2v-gabj-8kak |
| vulnerability_id |
VCID-zr2v-gabj-8kak |
| summary |
asterisk: Two buffer overflows in RTP Codec Payload Handling (AST-2008-002) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1289 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.24953 |
| scoring_system |
epss |
| scoring_elements |
0.96126 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.24953 |
| scoring_system |
epss |
| scoring_elements |
0.96134 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.24953 |
| scoring_system |
epss |
| scoring_elements |
0.96141 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.24953 |
| scoring_system |
epss |
| scoring_elements |
0.96146 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.24953 |
| scoring_system |
epss |
| scoring_elements |
0.96156 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.24953 |
| scoring_system |
epss |
| scoring_elements |
0.9616 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.24953 |
| scoring_system |
epss |
| scoring_elements |
0.96162 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.24953 |
| scoring_system |
epss |
| scoring_elements |
0.96164 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-1289 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-1289
|
| risk_score |
0.4 |
| exploitability |
2.0 |
| weighted_severity |
0.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zr2v-gabj-8kak |
|
| 198 |
| url |
VCID-ztn6-xpxt-vkhb |
| vulnerability_id |
VCID-ztn6-xpxt-vkhb |
| summary |
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2003-0779 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09083 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09089 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09142 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09062 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09173 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.0914 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09126 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2003-0779 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2003-0779
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ztn6-xpxt-vkhb |
|
| 199 |
| url |
VCID-zv1p-p8tb-dqhm |
| vulnerability_id |
VCID-zv1p-p8tb-dqhm |
| summary |
Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-31878 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.40815 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.40898 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.40926 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.40854 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.40904 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.4091 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.40927 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.40892 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0019 |
| scoring_system |
epss |
| scoring_elements |
0.40873 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-31878 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-31878
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zv1p-p8tb-dqhm |
|
| 200 |
| url |
VCID-zvpn-2gds-9yc4 |
| vulnerability_id |
VCID-zvpn-2gds-9yc4 |
| summary |
Multiple vulnerabilities in Asterisk might allow remote attackers to cause
a Denial of Service condition, or conduct other attacks. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-2346 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.73959 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.73966 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.73992 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.73963 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.73997 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.74011 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.74033 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.74015 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00798 |
| scoring_system |
epss |
| scoring_elements |
0.74007 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-2346 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-2346
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zvpn-2gds-9yc4 |
|
| 201 |
| url |
VCID-zvwt-wp8r-1qhx |
| vulnerability_id |
VCID-zvwt-wp8r-1qhx |
| summary |
Multiple vulnerabilities have been found in Asterisk, the worst of
which could result in a Denial of Service condition. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-16672 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05269 |
| scoring_system |
epss |
| scoring_elements |
0.90001 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.05269 |
| scoring_system |
epss |
| scoring_elements |
0.90003 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.05269 |
| scoring_system |
epss |
| scoring_elements |
0.89952 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.05269 |
| scoring_system |
epss |
| scoring_elements |
0.89955 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.05269 |
| scoring_system |
epss |
| scoring_elements |
0.89967 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.05269 |
| scoring_system |
epss |
| scoring_elements |
0.89974 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.05269 |
| scoring_system |
epss |
| scoring_elements |
0.8999 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.05269 |
| scoring_system |
epss |
| scoring_elements |
0.89995 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-16672 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-16672
|
| risk_score |
2.6 |
| exploitability |
0.5 |
| weighted_severity |
5.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zvwt-wp8r-1qhx |
|
| 202 |
| url |
VCID-zxkf-88k3-3qcn |
| vulnerability_id |
VCID-zxkf-88k3-3qcn |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43302 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00362 |
| scoring_system |
epss |
| scoring_elements |
0.5817 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00362 |
| scoring_system |
epss |
| scoring_elements |
0.58255 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0042 |
| scoring_system |
epss |
| scoring_elements |
0.61902 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0042 |
| scoring_system |
epss |
| scoring_elements |
0.61873 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0042 |
| scoring_system |
epss |
| scoring_elements |
0.61922 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0042 |
| scoring_system |
epss |
| scoring_elements |
0.61939 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0042 |
| scoring_system |
epss |
| scoring_elements |
0.6196 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0042 |
| scoring_system |
epss |
| scoring_elements |
0.61949 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0042 |
| scoring_system |
epss |
| scoring_elements |
0.61928 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43302 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-43302
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zxkf-88k3-3qcn |
|
| 203 |
| url |
VCID-zzpx-gwmv-sfbz |
| vulnerability_id |
VCID-zzpx-gwmv-sfbz |
| summary |
An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9938 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01419 |
| scoring_system |
epss |
| scoring_elements |
0.80524 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01419 |
| scoring_system |
epss |
| scoring_elements |
0.80531 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01419 |
| scoring_system |
epss |
| scoring_elements |
0.80553 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01419 |
| scoring_system |
epss |
| scoring_elements |
0.80545 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01419 |
| scoring_system |
epss |
| scoring_elements |
0.80574 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01419 |
| scoring_system |
epss |
| scoring_elements |
0.80584 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01419 |
| scoring_system |
epss |
| scoring_elements |
0.80601 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01419 |
| scoring_system |
epss |
| scoring_elements |
0.80587 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01419 |
| scoring_system |
epss |
| scoring_elements |
0.80579 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9938 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9938
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zzpx-gwmv-sfbz |
|