Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
Type deb
Namespace debian
Name asterisk
Version 1:1.8.3.3-1
Qualifiers
distro sid
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1:1.8.4.2-1
Latest_non_vulnerable_version 1:22.9.0+dfsg+~cs6.16.60671434-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-3j5q-cg6c-37ca
vulnerability_id VCID-3j5q-cg6c-37ca
summary The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2666
reference_id
reference_type
scores
0
value 0.0059
scoring_system epss
scoring_elements 0.69494
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2666
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2666
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2666
2
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-2666
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3j5q-cg6c-37ca
1
url VCID-5z33-txfx-6bce
vulnerability_id VCID-5z33-txfx-6bce
summary Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1507
reference_id
reference_type
scores
0
value 0.00147
scoring_system epss
scoring_elements 0.34786
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1507
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1507
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1507
2
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-1507
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5z33-txfx-6bce
2
url VCID-93p3-29pk-kkhm
vulnerability_id VCID-93p3-29pk-kkhm
summary Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1147
reference_id
reference_type
scores
0
value 0.0342
scoring_system epss
scoring_elements 0.8765
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1147
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1147
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614580
reference_id 614580
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614580
3
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-1147
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93p3-29pk-kkhm
3
url VCID-cf97-dgaw-a7ft
vulnerability_id VCID-cf97-dgaw-a7ft
summary tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1175
reference_id
reference_type
scores
0
value 0.00284
scoring_system epss
scoring_elements 0.5204
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1175
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1175
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1175
2
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-1175
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cf97-dgaw-a7ft
4
url VCID-m749-tkbh-5ygf
vulnerability_id VCID-m749-tkbh-5ygf
summary manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1174
reference_id
reference_type
scores
0
value 0.0029
scoring_system epss
scoring_elements 0.52652
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1174
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1174
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1174
2
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-1174
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m749-tkbh-5ygf
5
url VCID-y4c5-z7zt-yuaf
vulnerability_id VCID-y4c5-z7zt-yuaf
summary manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1599
reference_id
reference_type
scores
0
value 0.00338
scoring_system epss
scoring_elements 0.56843
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1599
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1599
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1599
2
reference_url https://security.gentoo.org/glsa/201110-21
reference_id GLSA-201110-21
reference_type
scores
url https://security.gentoo.org/glsa/201110-21
fixed_packages
0
url pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
purl pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gh5j-yza2-v3fu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2011-1599
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y4c5-z7zt-yuaf
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid