Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid

Type deb

Namespace debian

Name asterisk

Version 1:1.8.13.1~dfsg-1

Qualifiers

distro	sid

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1:1.8.13.1~dfsg-2

Latest_non_vulnerable_version 1:22.9.0+dfsg+~cs6.16.60671434-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-emr1-3t75-ekg4

vulnerability_id VCID-emr1-3t75-ekg4

summary channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-3863

reference_id

reference_type

scores

value	0.07186
scoring_system	epss
scoring_elements	0.91712
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3863

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3863
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3863

reference_url	https://security.gentoo.org/glsa/201209-15
reference_id	GLSA-201209-15
reference_type
scores
url	https://security.gentoo.org/glsa/201209-15

fixed_packages

url	pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid
purl	pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gh5j-yza2-v3fu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2012-3863

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-emr1-3t75-ekg4

url VCID-j7sx-6dhs-wbff

vulnerability_id VCID-j7sx-6dhs-wbff

summary Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-2186

reference_id

reference_type

scores

value	0.00465
scoring_system	epss
scoring_elements	0.64665
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2186

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2186
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2186

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470
reference_id	680470
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470

reference_url	https://security.gentoo.org/glsa/201209-15
reference_id	GLSA-201209-15
reference_type
scores
url	https://security.gentoo.org/glsa/201209-15

fixed_packages

url	pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid
purl	pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gh5j-yza2-v3fu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2012-2186

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7sx-6dhs-wbff

url VCID-sh84-ms1c-efff

vulnerability_id VCID-sh84-ms1c-efff

summary channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-4737

reference_id

reference_type

scores

value	0.01504
scoring_system	epss
scoring_elements	0.81461
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4737

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4737
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4737

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470
reference_id	680470
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470

reference_url	https://security.gentoo.org/glsa/201209-15
reference_id	GLSA-201209-15
reference_type
scores
url	https://security.gentoo.org/glsa/201209-15

fixed_packages

url	pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid
purl	pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gh5j-yza2-v3fu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2012-4737

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sh84-ms1c-efff

url VCID-whex-hbuj-97ge

vulnerability_id VCID-whex-hbuj-97ge

summary Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-3812

reference_id

reference_type

scores

value	0.07186
scoring_system	epss
scoring_elements	0.91712
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3812

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470
reference_id	680470
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470

reference_url	https://security.gentoo.org/glsa/201209-15
reference_id	GLSA-201209-15
reference_type
scores
url	https://security.gentoo.org/glsa/201209-15

fixed_packages

url	pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid
purl	pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gh5j-yza2-v3fu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2012-3812

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-whex-hbuj-97ge

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1%3Fdistro=sid

Package Instance