{"url":"http://public2.vulnerablecode.io/api/packages/339414?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1?distro=sid","type":"deb","namespace":"debian","name":"asterisk","version":"1:1.4.19.1~dfsg-1","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1:1.4.21.2~dfsg-1","latest_non_vulnerable_version":"1:22.9.0+dfsg+~cs6.16.60671434-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78619?format=json","vulnerability_id":"VCID-3ary-4n7t-4uat","summary":"asterisk: HTTP Manager ID is predictable (AST-2008-005)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1390.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1390.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1390","reference_id":"","reference_type":"","scores":[{"value":"0.03015","scoring_system":"epss","scoring_elements":"0.86833","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1390"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=438131","reference_id":"438131","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=438131"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339414?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2008-1390"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ary-4n7t-4uat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80634?format=json","vulnerability_id":"VCID-d23v-361c-kfhj","summary":"The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1923","reference_id":"","reference_type":"","scores":[{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.8158","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1923"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339414?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2008-1923"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d23v-361c-kfhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75444?format=json","vulnerability_id":"VCID-rxfr-prs2-1yb4","summary":"asterisk: 3-way handshake in IAX2 incomplete (CVE-2008-1923)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1897.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1897.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1897","reference_id":"","reference_type":"","scores":[{"value":"0.03049","scoring_system":"epss","scoring_elements":"0.86917","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1897"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=443761","reference_id":"443761","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=443761"},{"reference_url":"https://security.gentoo.org/glsa/200905-01","reference_id":"GLSA-200905-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200905-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339414?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2008-1897"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rxfr-prs2-1yb4"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1%3Fdistro=sid"}