| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-23741 | ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation | asterisk | asterisk | None | 0.0 | 2026-02-06 16:47:20 | Deep Dive |
| CVE-2026-23740 | Asterisk vulnerable to potential privilege escalation | asterisk | asterisk | None | 0.0 | 2026-02-06 16:43:41 | Deep Dive |
| CVE-2026-23739 | Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection | asterisk | asterisk | Low | 2.0 | 2026-02-06 16:42:26 | Deep Dive |
| CVE-2026-23738 | The Asterisk embedded web server's /httpstatus page echoes user supplied values (cookie and query string) without sanitization | asterisk | asterisk | Low | 3.5 | 2026-02-06 16:41:44 | Deep Dive |
| CVE-2025-1131 | Asterisk Unsafe Shell Sourcing in safe_asterisk Leads to Local Privilege Escalation | Asterisk | Asterisk | - | - | 2025-09-23 04:31:03 | Deep Dive |
| CVE-2025-57767 | Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request | asterisk | asterisk | High | 7.5 | 2025-08-28 15:33:00 | Deep Dive |
| CVE-2025-54995 | Asterisk remotely exploitable leak of RTP UDP ports and internal resources | asterisk | asterisk | Medium | 6.5 | 2025-08-28 15:08:04 | Deep Dive |
| CVE-2025-49832 | Asterisk is Vulnerable to Remote DoS and possible RCE Attacks During Memory Allocation | asterisk | asterisk | Medium | 6.5 | 2025-08-01 17:57:30 | Deep Dive |
| CVE-2025-47780 | cli_permissions.conf: deny option does not work for disallowing shell commands | asterisk | asterisk | - | - | 2025-05-22 16:56:29 | Deep Dive |
| CVE-2025-47779 | Using malformed From header can forge identity with ";" or NULL in name portion | asterisk | asterisk | High | 7.7 | 2025-05-22 16:54:26 | Deep Dive |
| CVE-2024-42491 | A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used | asterisk | asterisk | Medium | 5.7 | 2024-09-05 17:17:57 | Deep Dive |
| CVE-2024-42365 | Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan | asterisk | asterisk | High | 7.4 | 2024-08-08 16:29:07 | Deep Dive |
| CVE-2024-35190 | Asterisk's res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests | asterisk | asterisk | Medium | 5.8 | 2024-05-17 16:55:41 | Deep Dive |
| CVE-2023-49786 | Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation | asterisk | asterisk | High | 7.5 | 2023-12-14 19:47:46 | Deep Dive |
| CVE-2023-37457 | Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update' | asterisk | asterisk | High | 7.5 | 2023-12-14 19:43:31 | Deep Dive |
| CVE-2023-49294 | Asterisk Path Traversal vulnerability | asterisk | asterisk | Medium | 4.9 | 2023-12-14 19:40:46 | Deep Dive |
| CVE-2009-3723 | Digium Asterisk security vulnerability | asterisk | asterisk | High | - | 2019-10-29 12:42:08 | Deep Dive |
| CVE-2017-14001 | Digium Asterisk GUI operating system command injection vulnerability | - | Digium Asterisk GUI | High | - | 2017-09-26 02:00:00 | Deep Dive |