{"url":"http://public2.vulnerablecode.io/api/packages/1074098?format=json","purl":"pkg:deb/debian/icecast2@2.3.2-2","type":"deb","namespace":"debian","name":"icecast2","version":"2.3.2-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.4-1","latest_non_vulnerable_version":"2.4.4-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178063?format=json","vulnerability_id":"VCID-5fq5-24qt-g3hj","summary":"Two vulnerabilities have been found in Icecast, possibly resulting\n    in privilege escalation or disclosure of information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9018","reference_id":"","reference_type":"","scores":[{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.7461","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74681","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9018"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9018","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9018"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770222","reference_id":"770222","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770222"},{"reference_url":"https://security.gentoo.org/glsa/201412-38","reference_id":"GLSA-201412-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-38"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074101?format=json","purl":"pkg:deb/debian/icecast2@2.4.0-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-at2m-6gce-5faz"},{"vulnerability":"VCID-qkpf-bp5h-j7dt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icecast2@2.4.0-1.1"}],"aliases":["CVE-2014-9018"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5fq5-24qt-g3hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/384?format=json","vulnerability_id":"VCID-at2m-6gce-5faz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3026","reference_id":"","reference_type":"","scores":[{"value":"0.1532","scoring_system":"epss","scoring_elements":"0.94785","published_at":"2026-06-11T12:55:00Z"},{"value":"0.1532","scoring_system":"epss","scoring_elements":"0.94803","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3026"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782120","reference_id":"782120","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782120"},{"reference_url":"https://security.gentoo.org/glsa/201508-03","reference_id":"GLSA-201508-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201508-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074103?format=json","purl":"pkg:deb/debian/icecast2@2.4.0-1.1%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-at2m-6gce-5faz"},{"vulnerability":"VCID-qkpf-bp5h-j7dt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icecast2@2.4.0-1.1%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1078007?format=json","purl":"pkg:deb/debian/icecast2@2.4.2-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qkpf-bp5h-j7dt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icecast2@2.4.2-1%252Bdeb9u1"}],"aliases":["CVE-2015-3026"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-at2m-6gce-5faz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202121?format=json","vulnerability_id":"VCID-bczj-uvww-vygk","summary":"icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via a crafted URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4612","reference_id":"","reference_type":"","scores":[{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59504","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59614","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4612"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4612"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652663","reference_id":"652663","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652663"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074101?format=json","purl":"pkg:deb/debian/icecast2@2.4.0-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-at2m-6gce-5faz"},{"vulnerability":"VCID-qkpf-bp5h-j7dt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icecast2@2.4.0-1.1"}],"aliases":["CVE-2011-4612"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bczj-uvww-vygk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175512?format=json","vulnerability_id":"VCID-qkpf-bp5h-j7dt","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18820","reference_id":"","reference_type":"","scores":[{"value":"0.62719","scoring_system":"epss","scoring_elements":"0.98405","published_at":"2026-06-11T12:55:00Z"},{"value":"0.62719","scoring_system":"epss","scoring_elements":"0.98411","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18820"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18820"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912611","reference_id":"912611","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912611"},{"reference_url":"https://security.gentoo.org/glsa/201811-09","reference_id":"GLSA-201811-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078007?format=json","purl":"pkg:deb/debian/icecast2@2.4.2-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qkpf-bp5h-j7dt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icecast2@2.4.2-1%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1151797?format=json","purl":"pkg:deb/debian/icecast2@2.4.4-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icecast2@2.4.4-1"}],"aliases":["CVE-2018-18820"],"risk_score":0.3,"exploitability":"0.5","weighted_severity":"0.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkpf-bp5h-j7dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178064?format=json","vulnerability_id":"VCID-yx96-g54u-tua5","summary":"Two vulnerabilities have been found in Icecast, possibly resulting\n    in privilege escalation or disclosure of information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9091","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19517","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19691","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9091"},{"reference_url":"https://security.gentoo.org/glsa/201412-38","reference_id":"GLSA-201412-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-38"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074101?format=json","purl":"pkg:deb/debian/icecast2@2.4.0-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-at2m-6gce-5faz"},{"vulnerability":"VCID-qkpf-bp5h-j7dt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icecast2@2.4.0-1.1"}],"aliases":["CVE-2014-9091"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yx96-g54u-tua5"}],"fixing_vulnerabilities":[],"risk_score":"1.2","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icecast2@2.3.2-2"}