Lucene search
K

3523 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.5 views

Fedora 43 : asterisk (2026-80b21debe7)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-80b21debe7 advisory. Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are...

9.8CVSS7.3AI score0.4557EPSS
Exploits14References16
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.8 views

Fedora 44 : asterisk (2026-38d71393c1)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-38d71393c1 advisory. Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are...

9.8CVSS7.3AI score0.4557EPSS
Exploits14References16
SUSE CVE
SUSE CVE
added 2026/04/24 1:44 a.m.12 views

SUSE CVE-2009-3727

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error message...

5CVSS5.8AI score0.04201EPSS
Exploits0References3
Veracode
Veracode
added 2026/04/09 7:29 a.m.6 views

Regular Expression Denial Of Service (ReDoS)

minimatch is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient handling of multiple consecutive wildcards in glob patterns, leading to exponential backtracking in regex evaluation, which allows an attacker to cause significant performance degradatio...

8.7CVSS6.6AI score0.00519EPSS
Exploits1References3Affected Software1
OpenVAS
OpenVAS
added 2026/03/31 12:0 a.m.3 views

Debian: Security Advisory (DLA-4515-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS5.9AI score0.00176EPSS
Exploits0References2
Debian
Debian
added 2026/03/30 11:17 a.m.5 views

[SECURITY] [DLA 4515-1] asterisk security update

Debian LTS Advisory DLA-4515-1 [email protected] https://www.debian.org/lts/security/ Lukas Märdian March 29, 2026 https://wiki.debian.org/LTS Package : asterisk Version : 1:16.28.0dfsg-0+deb11u9 CVE ID : CVE-2026-23738 CVE-2026-23739 CVE-2026-23740 CVE-2026-23741 Debian Bug : 1127438...

8.8CVSS5.9AI score0.00176EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.5 views

Debian dla-4515 : asterisk - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4515 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4515-1 [email protected]...

8.8CVSS5.9AI score0.00176EPSS
Exploits0References10
OSV
OSV
added 2026/03/29 12:0 a.m.3 views

DLA-4515-1 asterisk - security update

Bulletin has no description...

8.8CVSS5.8AI score0.00176EPSS
Exploits0
OSV
OSV
added 2026/03/09 9:15 a.m.5 views

CVE-2025-41759

An administrator may attempt to block all networks by specifying "" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all...

4.9CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2026/03/09 9:15 a.m.4 views

CVE-2025-41759

An administrator may attempt to block all networks by specifying "" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all...

4.9CVSS0.0032EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/09 8:16 a.m.31 views

CVE-2025-41759 Use of wildcard (“*” or “all”) in Block list

An administrator may attempt to block all networks by specifying "" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all...

4.9CVSS0.0032EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/12 4:22 p.m.4 views

CVE-2025-55210

FreePBX is an open-source web-based graphical user interface GUI that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api PBX API is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT wit...

2CVSS5.6AI score0.00296EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/12 6:30 a.m.10 views

GHSA-38C4-R59V-3VQW markdown-it is has a Regular Expression Denial of Service (ReDoS)

Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching character, which triggers...

6.9CVSS5.9AI score0.00503EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/12 5:0 a.m.3 views

CVE-2026-2327

Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching character, which triggers...

6.9CVSS5.5AI score0.00503EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/07 7:31 p.m.8 views

CVE-2026-23741

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/astcoredumper runs as root, as noted by the NOTES tag on line 689 of the astcoredumper file. The script will source the conten...

8.8CVSS5.7AI score0.00173EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/07 7:31 p.m.11 views

CVE-2026-23739

A flaw was found in Asterisk. The astxmlopen function in xml.c processes XML documents using libxml with unsafe parsing options, enabling entity expansion and XInclude processing. A remote attacker can exploit this by providing specially crafted XML input, leading to XML External Entity XXE or...

6.5CVSS5.6AI score0.00176EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/07 7:31 p.m.6 views

CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...

6.1CVSS5.2AI score0.0016EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/07 7:31 p.m.6 views

CVE-2026-23740

A flaw was found in Asterisk. When the astcoredumper writes its gdb init and output files to a world-writable directory, a local attacker with write permissions to that directory can exploit this vulnerability. By manipulating the gdb init file and output paths, the attacker can cause the system ...

7.8CVSS5.9AI score0.00112EPSS
Exploits0References4
NVD
NVD
added 2026/02/06 5:16 p.m.12 views

CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...

6.1CVSS0.0016EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 5:16 p.m.9 views

CVE-2026-23739

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the astxmlopen function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

6.5CVSS0.00176EPSS
Exploits0References1
Rows per page
Query Builder