{"url":"http://public2.vulnerablecode.io/api/packages/1036811?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.19.dfsg1-0sarge2","type":"deb","namespace":"debian","name":"cyrus-sasl2","version":"2.1.19.dfsg1-0sarge2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.1.27+dfsg-2.1+deb11u1","latest_non_vulnerable_version":"2.1.27+dfsg-2.1+deb11u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34792?format=json","vulnerability_id":"VCID-2hdg-fauv-7bhv","summary":"A NULL pointer dereference in Cyrus-SASL may allow remote attackers\n    to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4122.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4122.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4122","reference_id":"","reference_type":"","scores":[{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.78833","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.78687","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.78694","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.78725","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.78707","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.78732","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.78739","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.78763","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.78746","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.78737","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.78765","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.7876","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.78788","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.78795","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.78813","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4122"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=716835","reference_id":"716835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=716835"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=984669","reference_id":"984669","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=984669"},{"reference_url":"https://security.gentoo.org/glsa/201309-01","reference_id":"GLSA-201309-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-01"},{"reference_url":"https://usn.ubuntu.com/1988-1/","reference_id":"USN-1988-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1988-1/"},{"reference_url":"https://usn.ubuntu.com/2755-1/","reference_id":"USN-2755-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2755-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036818?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.26.dfsg1-13%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hdg-fauv-7bhv"},{"vulnerability":"VCID-ca3b-g7k5-yucm"},{"vulnerability":"VCID-ukce-7qpu-c7cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.26.dfsg1-13%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1037528?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.27~101-g0780600%2Bdfsg-3%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ca3b-g7k5-yucm"},{"vulnerability":"VCID-ukce-7qpu-c7cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.27~101-g0780600%252Bdfsg-3%252Bdeb9u1"}],"aliases":["CVE-2013-4122"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2hdg-fauv-7bhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79325?format=json","vulnerability_id":"VCID-ca3b-g7k5-yucm","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19906.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19906.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19906","reference_id":"","reference_type":"","scores":[{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.5769","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57774","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57793","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57767","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57822","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57824","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57841","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57819","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57798","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57827","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57825","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65167","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65159","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65174","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65188","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65186","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1791854","reference_id":"1791854","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1791854"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947043","reference_id":"947043","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4497","reference_id":"RHSA-2020:4497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4497"},{"reference_url":"https://usn.ubuntu.com/4256-1/","reference_id":"USN-4256-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4256-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037528?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.27~101-g0780600%2Bdfsg-3%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ca3b-g7k5-yucm"},{"vulnerability":"VCID-ukce-7qpu-c7cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.27~101-g0780600%252Bdfsg-3%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1038290?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.27%2Bdfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ca3b-g7k5-yucm"},{"vulnerability":"VCID-ukce-7qpu-c7cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.27%252Bdfsg-1%252Bdeb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1051998?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.27%2Bdfsg-2.1%2Bdeb11u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.27%252Bdfsg-2.1%252Bdeb11u1"}],"aliases":["CVE-2019-19906"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ca3b-g7k5-yucm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61759?format=json","vulnerability_id":"VCID-fthp-w8mb-nkgr","summary":"A buffer overflow in Cyrus-SASL might allow for the execution of arbitrary\n    code in applications or daemons that authenticate using SASL.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0688.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0688.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0688","reference_id":"","reference_type":"","scores":[{"value":"0.39477","scoring_system":"epss","scoring_elements":"0.97277","published_at":"2026-04-01T12:55:00Z"},{"value":"0.39477","scoring_system":"epss","scoring_elements":"0.97282","published_at":"2026-04-02T12:55:00Z"},{"value":"0.39477","scoring_system":"epss","scoring_elements":"0.97287","published_at":"2026-04-07T12:55:00Z"},{"value":"0.39477","scoring_system":"epss","scoring_elements":"0.97294","published_at":"2026-04-08T12:55:00Z"},{"value":"0.39477","scoring_system":"epss","scoring_elements":"0.97295","published_at":"2026-04-09T12:55:00Z"},{"value":"0.39477","scoring_system":"epss","scoring_elements":"0.97298","published_at":"2026-04-11T12:55:00Z"},{"value":"0.39477","scoring_system":"epss","scoring_elements":"0.97299","published_at":"2026-04-13T12:55:00Z"},{"value":"0.39477","scoring_system":"epss","scoring_elements":"0.97307","published_at":"2026-04-16T12:55:00Z"},{"value":"0.39477","scoring_system":"epss","scoring_elements":"0.9731","published_at":"2026-04-18T12:55:00Z"},{"value":"0.39477","scoring_system":"epss","scoring_elements":"0.97312","published_at":"2026-04-24T12:55:00Z"},{"value":"0.39477","scoring_system":"epss","scoring_elements":"0.97313","published_at":"2026-04-26T12:55:00Z"},{"value":"0.39477","scoring_system":"epss","scoring_elements":"0.97315","published_at":"2026-04-29T12:55:00Z"},{"value":"0.39477","scoring_system":"epss","scoring_elements":"0.97319","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=487251","reference_id":"487251","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=487251"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528749","reference_id":"528749","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528749"},{"reference_url":"https://security.gentoo.org/glsa/200907-09","reference_id":"GLSA-200907-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200907-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1116","reference_id":"RHSA-2009:1116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1116"},{"reference_url":"https://usn.ubuntu.com/790-1/","reference_id":"USN-790-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/790-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036815?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.23.dfsg1-7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hdg-fauv-7bhv"},{"vulnerability":"VCID-ca3b-g7k5-yucm"},{"vulnerability":"VCID-ukce-7qpu-c7cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.23.dfsg1-7"}],"aliases":["CVE-2009-0688"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fthp-w8mb-nkgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13044?format=json","vulnerability_id":"VCID-ukce-7qpu-c7cm","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nIn Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24407.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24407.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24407","reference_id":"","reference_type":"","scores":[{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62587","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62623","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.6263","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62612","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62624","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.6264","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62637","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62616","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62605","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62582","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67134","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67157","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67132","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67182","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67195","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst"},{"reference_url":"https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28","reference_id":"","reference_type":"","scores":[],"url":"https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28"},{"reference_url":"https://www.debian.org/security/2022/dsa-5087","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2022/dsa-5087"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/02/23/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2022/02/23/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2055326","reference_id":"2055326","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2055326"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24407","reference_id":"CVE-2022-24407","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0658","reference_id":"RHSA-2022:0658","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0658"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0666","reference_id":"RHSA-2022:0666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0668","reference_id":"RHSA-2022:0668","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0668"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0730","reference_id":"RHSA-2022:0730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0731","reference_id":"RHSA-2022:0731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0780","reference_id":"RHSA-2022:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0841","reference_id":"RHSA-2022:0841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1029","reference_id":"RHSA-2022:1029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1029"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1263","reference_id":"RHSA-2022:1263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1263"},{"reference_url":"https://usn.ubuntu.com/5301-1/","reference_id":"USN-5301-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5301-1/"},{"reference_url":"https://usn.ubuntu.com/5301-2/","reference_id":"USN-5301-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5301-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038290?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.27%2Bdfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ca3b-g7k5-yucm"},{"vulnerability":"VCID-ukce-7qpu-c7cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.27%252Bdfsg-1%252Bdeb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1051998?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.27%2Bdfsg-2.1%2Bdeb11u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.27%252Bdfsg-2.1%252Bdeb11u1"}],"aliases":["CVE-2022-24407"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukce-7qpu-c7cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58843?format=json","vulnerability_id":"VCID-ymyx-w5ve-gkgh","summary":"Cyrus-SASL contains a vulnerability in the DIGEST-MD5 process that could\n    lead to a Denial of Service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1721.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1721.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1721","reference_id":"","reference_type":"","scores":[{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.87734","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.87745","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.87758","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.87761","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.87782","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.87788","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.87799","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.87794","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.87793","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.87807","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.87806","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.87803","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.87819","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.87826","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.87824","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.87837","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=189814","reference_id":"189814","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=189814"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361937","reference_id":"361937","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361937"},{"reference_url":"https://security.gentoo.org/glsa/200604-09","reference_id":"GLSA-200604-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200604-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0795","reference_id":"RHSA-2007:0795","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0795"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0878","reference_id":"RHSA-2007:0878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0878"},{"reference_url":"https://usn.ubuntu.com/272-1/","reference_id":"USN-272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036812?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.22.dfsg1-8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hdg-fauv-7bhv"},{"vulnerability":"VCID-ca3b-g7k5-yucm"},{"vulnerability":"VCID-fthp-w8mb-nkgr"},{"vulnerability":"VCID-ukce-7qpu-c7cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.22.dfsg1-8"}],"aliases":["CVE-2006-1721"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymyx-w5ve-gkgh"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.19.dfsg1-0sarge2"}