Lookup for vulnerable packages by Package URL.
| Purl | pkg:deb/debian/trafficserver@0?distro=sid |
|---|
| Type | deb |
|---|
| Namespace | debian |
|---|
| Name | trafficserver |
|---|
| Version | 0 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 3.0.4-1 |
|---|
| Latest_non_vulnerable_version | 9.2.5+ds-0+deb12u4 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-376v-6shk-8ycq |
| vulnerability_id |
VCID-376v-6shk-8ycq |
| summary |
Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-2952 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01206 |
| scoring_system |
epss |
| scoring_elements |
0.78981 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.01206 |
| scoring_system |
epss |
| scoring_elements |
0.7891 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01206 |
| scoring_system |
epss |
| scoring_elements |
0.78916 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01206 |
| scoring_system |
epss |
| scoring_elements |
0.78945 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01206 |
| scoring_system |
epss |
| scoring_elements |
0.78928 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01206 |
| scoring_system |
epss |
| scoring_elements |
0.78953 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01206 |
| scoring_system |
epss |
| scoring_elements |
0.78959 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01206 |
| scoring_system |
epss |
| scoring_elements |
0.78982 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.01206 |
| scoring_system |
epss |
| scoring_elements |
0.78967 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.01206 |
| scoring_system |
epss |
| scoring_elements |
0.78957 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.01206 |
| scoring_system |
epss |
| scoring_elements |
0.78985 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-2952 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-2952
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-376v-6shk-8ycq |
|
| 1 |
| url |
VCID-61q8-wyrp-rycg |
| vulnerability_id |
VCID-61q8-wyrp-rycg |
| summary |
Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41585 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01034 |
| scoring_system |
epss |
| scoring_elements |
0.77311 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01034 |
| scoring_system |
epss |
| scoring_elements |
0.77317 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01034 |
| scoring_system |
epss |
| scoring_elements |
0.77346 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01034 |
| scoring_system |
epss |
| scoring_elements |
0.77326 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01034 |
| scoring_system |
epss |
| scoring_elements |
0.77357 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01034 |
| scoring_system |
epss |
| scoring_elements |
0.77366 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01034 |
| scoring_system |
epss |
| scoring_elements |
0.77393 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01034 |
| scoring_system |
epss |
| scoring_elements |
0.77372 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01034 |
| scoring_system |
epss |
| scoring_elements |
0.77369 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01034 |
| scoring_system |
epss |
| scoring_elements |
0.77409 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.01034 |
| scoring_system |
epss |
| scoring_elements |
0.77408 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.01034 |
| scoring_system |
epss |
| scoring_elements |
0.774 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41585 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-41585
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-61q8-wyrp-rycg |
|
| 2 |
| url |
VCID-8ta5-mh5e-cfft |
| vulnerability_id |
VCID-8ta5-mh5e-cfft |
| summary |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43082 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01102 |
| scoring_system |
epss |
| scoring_elements |
0.78009 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01102 |
| scoring_system |
epss |
| scoring_elements |
0.78017 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01102 |
| scoring_system |
epss |
| scoring_elements |
0.78046 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01102 |
| scoring_system |
epss |
| scoring_elements |
0.78028 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01102 |
| scoring_system |
epss |
| scoring_elements |
0.78054 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01102 |
| scoring_system |
epss |
| scoring_elements |
0.78059 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01102 |
| scoring_system |
epss |
| scoring_elements |
0.78085 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01102 |
| scoring_system |
epss |
| scoring_elements |
0.78067 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01102 |
| scoring_system |
epss |
| scoring_elements |
0.78064 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01102 |
| scoring_system |
epss |
| scoring_elements |
0.781 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.01102 |
| scoring_system |
epss |
| scoring_elements |
0.78099 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.01102 |
| scoring_system |
epss |
| scoring_elements |
0.78092 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43082 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-43082
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8ta5-mh5e-cfft |
|
| 3 |
| url |
VCID-by94-r8f3-z3fs |
| vulnerability_id |
VCID-by94-r8f3-z3fs |
| summary |
Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27737 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09467 |
| scoring_system |
epss |
| scoring_elements |
0.9279 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.09467 |
| scoring_system |
epss |
| scoring_elements |
0.92797 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.09467 |
| scoring_system |
epss |
| scoring_elements |
0.92802 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.09467 |
| scoring_system |
epss |
| scoring_elements |
0.928 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.09467 |
| scoring_system |
epss |
| scoring_elements |
0.92809 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.09467 |
| scoring_system |
epss |
| scoring_elements |
0.92813 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.09467 |
| scoring_system |
epss |
| scoring_elements |
0.92818 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.09467 |
| scoring_system |
epss |
| scoring_elements |
0.92817 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.09467 |
| scoring_system |
epss |
| scoring_elements |
0.92828 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.09467 |
| scoring_system |
epss |
| scoring_elements |
0.92832 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27737 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-27737
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-by94-r8f3-z3fs |
|
| 4 |
| url |
VCID-fvbh-59fu-cfb6 |
| vulnerability_id |
VCID-fvbh-59fu-cfb6 |
| summary |
Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-40743 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.08233 |
| scoring_system |
epss |
| scoring_elements |
0.92233 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.08233 |
| scoring_system |
epss |
| scoring_elements |
0.92231 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.08233 |
| scoring_system |
epss |
| scoring_elements |
0.92193 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.08233 |
| scoring_system |
epss |
| scoring_elements |
0.92199 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.08233 |
| scoring_system |
epss |
| scoring_elements |
0.92202 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.08233 |
| scoring_system |
epss |
| scoring_elements |
0.92213 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.08233 |
| scoring_system |
epss |
| scoring_elements |
0.92217 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.08233 |
| scoring_system |
epss |
| scoring_elements |
0.92222 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.08233 |
| scoring_system |
epss |
| scoring_elements |
0.92223 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.08233 |
| scoring_system |
epss |
| scoring_elements |
0.9222 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.08233 |
| scoring_system |
epss |
| scoring_elements |
0.92232 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-40743 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-40743
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fvbh-59fu-cfb6 |
|
| 5 |
| url |
VCID-gqeq-hqf6-abh9 |
| vulnerability_id |
VCID-gqeq-hqf6-abh9 |
| summary |
Improper Access Control vulnerability in Apache Traffic Server.
This issue affects Apache Traffic Server: from 10.0.0 through 10.0.3.
Users are recommended to upgrade to version 10.0.4, which fixes the issue. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-56196 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22568 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00075 |
| scoring_system |
epss |
| scoring_elements |
0.22573 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00077 |
| scoring_system |
epss |
| scoring_elements |
0.22932 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.0014 |
| scoring_system |
epss |
| scoring_elements |
0.34092 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45848 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45868 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45837 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45846 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.4582 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45841 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45792 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-56196 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-56196
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gqeq-hqf6-abh9 |
|
| 6 |
| url |
VCID-has1-mf68-q3am |
| vulnerability_id |
VCID-has1-mf68-q3am |
| summary |
Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2.
Users are recommended to upgrade to version 9.2.3, which fixes the issue. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-39456 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07335 |
| scoring_system |
epss |
| scoring_elements |
0.91664 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.07335 |
| scoring_system |
epss |
| scoring_elements |
0.9167 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.07335 |
| scoring_system |
epss |
| scoring_elements |
0.91679 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.07335 |
| scoring_system |
epss |
| scoring_elements |
0.91691 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.07335 |
| scoring_system |
epss |
| scoring_elements |
0.91698 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.07335 |
| scoring_system |
epss |
| scoring_elements |
0.91702 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.07335 |
| scoring_system |
epss |
| scoring_elements |
0.91704 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.07335 |
| scoring_system |
epss |
| scoring_elements |
0.917 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.07335 |
| scoring_system |
epss |
| scoring_elements |
0.91721 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.07335 |
| scoring_system |
epss |
| scoring_elements |
0.91714 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.07335 |
| scoring_system |
epss |
| scoring_elements |
0.91715 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-39456 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-39456
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-has1-mf68-q3am |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@0%3Fdistro=sid |
|---|