{"url":"http://public2.vulnerablecode.io/api/packages/1076262?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.19.dfsg1-0sarge2","type":"deb","namespace":"debian","name":"cyrus-sasl2","version":"2.1.19.dfsg1-0sarge2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.1.27+dfsg-2.1+deb11u1","latest_non_vulnerable_version":"2.1.27+dfsg-2.1+deb11u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185698?format=json","vulnerability_id":"VCID-n4jt-qqkn-2qeg","summary":"A buffer overflow in Cyrus-SASL might allow for the execution of arbitrary\n    code in applications or daemons that authenticate using SASL.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0688.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0688.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0688","reference_id":"","reference_type":"","scores":[{"value":"0.39477","scoring_system":"epss","scoring_elements":"0.97394","published_at":"2026-06-11T12:55:00Z"},{"value":"0.39477","scoring_system":"epss","scoring_elements":"0.97402","published_at":"2026-06-12T12:55:00Z"},{"value":"0.39477","scoring_system":"epss","scoring_elements":"0.97404","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=487251","reference_id":"487251","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=487251"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528749","reference_id":"528749","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528749"},{"reference_url":"https://security.gentoo.org/glsa/200907-09","reference_id":"GLSA-200907-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200907-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1116","reference_id":"RHSA-2009:1116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1116"},{"reference_url":"https://usn.ubuntu.com/790-1/","reference_id":"USN-790-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/790-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076266?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.23.dfsg1-7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rqc5-nja4-k3fv"},{"vulnerability":"VCID-v1qm-nsvw-7ydc"},{"vulnerability":"VCID-wpmj-9s4d-cuh7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.23.dfsg1-7"}],"aliases":["CVE-2009-0688"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4jt-qqkn-2qeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11582?format=json","vulnerability_id":"VCID-rqc5-nja4-k3fv","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24407.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24407.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24407","reference_id":"","reference_type":"","scores":[{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.63016","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.63117","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.6313","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst"},{"reference_url":"https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28","reference_id":"","reference_type":"","scores":[],"url":"https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28"},{"reference_url":"https://www.debian.org/security/2022/dsa-5087","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2022/dsa-5087"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/02/23/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2022/02/23/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2055326","reference_id":"2055326","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2055326"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24407","reference_id":"CVE-2022-24407","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0658","reference_id":"RHSA-2022:0658","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0658"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0666","reference_id":"RHSA-2022:0666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0668","reference_id":"RHSA-2022:0668","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0668"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0730","reference_id":"RHSA-2022:0730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0731","reference_id":"RHSA-2022:0731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0780","reference_id":"RHSA-2022:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0841","reference_id":"RHSA-2022:0841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1029","reference_id":"RHSA-2022:1029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1029"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1263","reference_id":"RHSA-2022:1263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1263"},{"reference_url":"https://usn.ubuntu.com/5301-1/","reference_id":"USN-5301-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5301-1/"},{"reference_url":"https://usn.ubuntu.com/5301-2/","reference_id":"USN-5301-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5301-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079161?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.27%2Bdfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rqc5-nja4-k3fv"},{"vulnerability":"VCID-v1qm-nsvw-7ydc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.27%252Bdfsg-1%252Bdeb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1082815?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.27%2Bdfsg-2.1%2Bdeb11u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.27%252Bdfsg-2.1%252Bdeb11u1"}],"aliases":["CVE-2022-24407"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rqc5-nja4-k3fv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6794?format=json","vulnerability_id":"VCID-v1qm-nsvw-7ydc","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19906.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19906.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19906","reference_id":"","reference_type":"","scores":[{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65584","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65682","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65693","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1791854","reference_id":"1791854","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1791854"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947043","reference_id":"947043","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4497","reference_id":"RHSA-2020:4497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4497"},{"reference_url":"https://usn.ubuntu.com/4256-1/","reference_id":"USN-4256-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4256-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077641?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.27~101-g0780600%2Bdfsg-3%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rqc5-nja4-k3fv"},{"vulnerability":"VCID-v1qm-nsvw-7ydc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.27~101-g0780600%252Bdfsg-3%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1079161?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.27%2Bdfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rqc5-nja4-k3fv"},{"vulnerability":"VCID-v1qm-nsvw-7ydc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.27%252Bdfsg-1%252Bdeb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1082815?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.27%2Bdfsg-2.1%2Bdeb11u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.27%252Bdfsg-2.1%252Bdeb11u1"}],"aliases":["CVE-2019-19906"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v1qm-nsvw-7ydc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184247?format=json","vulnerability_id":"VCID-w3un-aanp-kkap","summary":"Cyrus-SASL contains a vulnerability in the DIGEST-MD5 process that could\n    lead to a Denial of Service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1721.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1721.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1721","reference_id":"","reference_type":"","scores":[{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.88059","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.88099","published_at":"2026-06-12T12:55:00Z"},{"value":"0.03614","scoring_system":"epss","scoring_elements":"0.88105","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=189814","reference_id":"189814","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=189814"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361937","reference_id":"361937","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361937"},{"reference_url":"https://security.gentoo.org/glsa/200604-09","reference_id":"GLSA-200604-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200604-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0795","reference_id":"RHSA-2007:0795","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0795"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0878","reference_id":"RHSA-2007:0878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0878"},{"reference_url":"https://usn.ubuntu.com/272-1/","reference_id":"USN-272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076263?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.22.dfsg1-8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n4jt-qqkn-2qeg"},{"vulnerability":"VCID-rqc5-nja4-k3fv"},{"vulnerability":"VCID-v1qm-nsvw-7ydc"},{"vulnerability":"VCID-wpmj-9s4d-cuh7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.22.dfsg1-8"}],"aliases":["CVE-2006-1721"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w3un-aanp-kkap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/134?format=json","vulnerability_id":"VCID-wpmj-9s4d-cuh7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4122.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4122.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4122","reference_id":"","reference_type":"","scores":[{"value":"0.01172","scoring_system":"epss","scoring_elements":"0.79093","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01172","scoring_system":"epss","scoring_elements":"0.79158","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01172","scoring_system":"epss","scoring_elements":"0.79172","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4122"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=716835","reference_id":"716835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=716835"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=984669","reference_id":"984669","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=984669"},{"reference_url":"https://security.gentoo.org/glsa/201309-01","reference_id":"GLSA-201309-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-01"},{"reference_url":"https://usn.ubuntu.com/1988-1/","reference_id":"USN-1988-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1988-1/"},{"reference_url":"https://usn.ubuntu.com/2755-1/","reference_id":"USN-2755-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2755-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076269?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.26.dfsg1-13%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rqc5-nja4-k3fv"},{"vulnerability":"VCID-v1qm-nsvw-7ydc"},{"vulnerability":"VCID-wpmj-9s4d-cuh7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.26.dfsg1-13%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1077641?format=json","purl":"pkg:deb/debian/cyrus-sasl2@2.1.27~101-g0780600%2Bdfsg-3%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rqc5-nja4-k3fv"},{"vulnerability":"VCID-v1qm-nsvw-7ydc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.27~101-g0780600%252Bdfsg-3%252Bdeb9u1"}],"aliases":["CVE-2013-4122"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wpmj-9s4d-cuh7"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cyrus-sasl2@2.1.19.dfsg1-0sarge2"}