{"url":"http://public2.vulnerablecode.io/api/packages/49130?format=json","purl":"pkg:deb/debian/kamailio@5.6.3-2?distro=trixie","type":"deb","namespace":"debian","name":"kamailio","version":"5.6.3-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.0.5-1","latest_non_vulnerable_version":"6.1.3-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73185?format=json","vulnerability_id":"VCID-95vp-4dhn-x7gp","summary":"Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted data packet sent over TCP. The issue impacts Kamailio instances having TCP or TLS listeners. This vulnerability is fixed in 5.1.1, 6.0.6, and 5.8.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39863","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14973","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39863"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39863"},{"reference_url":"https://github.com/kamailio/kamailio/security/advisories/GHSA-2wj4-f825-2h2f","reference_id":"GHSA-2wj4-f825-2h2f","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T13:52:31Z/"}],"url":"https://github.com/kamailio/kamailio/security/advisories/GHSA-2wj4-f825-2h2f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49214?format=json","purl":"pkg:deb/debian/kamailio@6.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49139?format=json","purl":"pkg:deb/debian/kamailio@6.1.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.1.3-2%3Fdistro=trixie"}],"aliases":["CVE-2026-39863"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-95vp-4dhn-x7gp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72972?format=json","vulnerability_id":"VCID-jsty-qq73-63a5","summary":"Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted SIP packet if a successful user authentication without a database backend is followed by additional user identity checks. This vulnerability is fixed in 6.0.5 and 5.8.7.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39864","reference_id":"","reference_type":"","scores":[{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.4651","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39864"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39864","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39864"},{"reference_url":"https://github.com/kamailio/kamailio/security/advisories/GHSA-6m86-m342-g48m","reference_id":"GHSA-6m86-m342-g48m","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T20:19:26Z/"}],"url":"https://github.com/kamailio/kamailio/security/advisories/GHSA-6m86-m342-g48m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49225?format=json","purl":"pkg:deb/debian/kamailio@6.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49139?format=json","purl":"pkg:deb/debian/kamailio@6.1.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.1.3-2%3Fdistro=trixie"}],"aliases":["CVE-2026-39864"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jsty-qq73-63a5"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/153521?format=json","vulnerability_id":"VCID-19fb-d8s5-97fn","summary":"The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27507","reference_id":"","reference_type":"","scores":[{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61893","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27507"},{"reference_url":"https://github.com/kamailio/kamailio/issues/2503","reference_id":"2503","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-27T18:37:13Z/"}],"url":"https://github.com/kamailio/kamailio/issues/2503"},{"reference_url":"https://github.com/kamailio/kamailio/commit/ada3701d22b1fd579f06b4f54fa695fa988e685f","reference_id":"ada3701d22b1fd579f06b4f54fa695fa988e685f","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-27T18:37:13Z/"}],"url":"https://github.com/kamailio/kamailio/commit/ada3701d22b1fd579f06b4f54fa695fa988e685f"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00030.html","reference_id":"msg00030.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-27T18:37:13Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00030.html"},{"reference_url":"https://usn.ubuntu.com/6022-1/","reference_id":"USN-6022-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6022-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49181?format=json","purl":"pkg:deb/debian/kamailio@5.4.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.4.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49137?format=json","purl":"pkg:deb/debian/kamailio@5.4.4-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.4.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49130?format=json","purl":"pkg:deb/debian/kamailio@5.6.3-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.6.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49140?format=json","purl":"pkg:deb/debian/kamailio@6.0.1-1%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.0.1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49139?format=json","purl":"pkg:deb/debian/kamailio@6.1.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.1.3-2%3Fdistro=trixie"}],"aliases":["CVE-2020-27507"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-19fb-d8s5-97fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203824?format=json","vulnerability_id":"VCID-7nr9-st2h-mfgh","summary":"The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1591","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19569","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1591"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775681","reference_id":"775681","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775681"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49141?format=json","purl":"pkg:deb/debian/kamailio@4.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@4.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49137?format=json","purl":"pkg:deb/debian/kamailio@5.4.4-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.4.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49130?format=json","purl":"pkg:deb/debian/kamailio@5.6.3-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.6.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49140?format=json","purl":"pkg:deb/debian/kamailio@6.0.1-1%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.0.1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49139?format=json","purl":"pkg:deb/debian/kamailio@6.1.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.1.3-2%3Fdistro=trixie"}],"aliases":["CVE-2015-1591"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7nr9-st2h-mfgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175422?format=json","vulnerability_id":"VCID-7t6b-wcdm-rqfv","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16657","reference_id":"","reference_type":"","scores":[{"value":"0.00921","scoring_system":"epss","scoring_elements":"0.76429","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16657"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908324","reference_id":"908324","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908324"},{"reference_url":"https://usn.ubuntu.com/6022-1/","reference_id":"USN-6022-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6022-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49151?format=json","purl":"pkg:deb/debian/kamailio@5.1.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.1.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49137?format=json","purl":"pkg:deb/debian/kamailio@5.4.4-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.4.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49130?format=json","purl":"pkg:deb/debian/kamailio@5.6.3-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.6.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49140?format=json","purl":"pkg:deb/debian/kamailio@6.0.1-1%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.0.1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49139?format=json","purl":"pkg:deb/debian/kamailio@6.1.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.1.3-2%3Fdistro=trixie"}],"aliases":["CVE-2018-16657"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7t6b-wcdm-rqfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176879?format=json","vulnerability_id":"VCID-j23r-x47z-guhg","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8828","reference_id":"","reference_type":"","scores":[{"value":"0.00929","scoring_system":"epss","scoring_elements":"0.76552","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8828"},{"reference_url":"https://usn.ubuntu.com/4240-1/","reference_id":"USN-4240-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4240-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49171?format=json","purl":"pkg:deb/debian/kamailio@5.1.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.1.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49137?format=json","purl":"pkg:deb/debian/kamailio@5.4.4-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.4.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49130?format=json","purl":"pkg:deb/debian/kamailio@5.6.3-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.6.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49140?format=json","purl":"pkg:deb/debian/kamailio@6.0.1-1%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.0.1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49139?format=json","purl":"pkg:deb/debian/kamailio@6.1.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.1.3-2%3Fdistro=trixie"}],"aliases":["CVE-2018-8828"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j23r-x47z-guhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182812?format=json","vulnerability_id":"VCID-m5yx-h7zz-93gb","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2385","reference_id":"","reference_type":"","scores":[{"value":"0.20973","scoring_system":"epss","scoring_elements":"0.95772","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2385"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815178","reference_id":"815178","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815178"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/39638.txt","reference_id":"CVE-2016-2385","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/39638.txt"},{"reference_url":"https://usn.ubuntu.com/7416-1/","reference_id":"USN-7416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49142?format=json","purl":"pkg:deb/debian/kamailio@4.3.4-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@4.3.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49137?format=json","purl":"pkg:deb/debian/kamailio@5.4.4-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.4.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49130?format=json","purl":"pkg:deb/debian/kamailio@5.6.3-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.6.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49140?format=json","purl":"pkg:deb/debian/kamailio@6.0.1-1%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.0.1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49139?format=json","purl":"pkg:deb/debian/kamailio@6.1.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.1.3-2%3Fdistro=trixie"}],"aliases":["CVE-2016-2385"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m5yx-h7zz-93gb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207954?format=json","vulnerability_id":"VCID-naj2-6gy6-bfb5","summary":"Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28361","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34499","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28361"},{"reference_url":"https://usn.ubuntu.com/7416-1/","reference_id":"USN-7416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49190?format=json","purl":"pkg:deb/debian/kamailio@5.4.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49137?format=json","purl":"pkg:deb/debian/kamailio@5.4.4-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.4.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49130?format=json","purl":"pkg:deb/debian/kamailio@5.6.3-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.6.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49140?format=json","purl":"pkg:deb/debian/kamailio@6.0.1-1%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.0.1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49139?format=json","purl":"pkg:deb/debian/kamailio@6.1.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.1.3-2%3Fdistro=trixie"}],"aliases":["CVE-2020-28361"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-naj2-6gy6-bfb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175221?format=json","vulnerability_id":"VCID-szjx-339s-qyb1","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14767","reference_id":"","reference_type":"","scores":[{"value":"0.02018","scoring_system":"epss","scoring_elements":"0.84122","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14767"},{"reference_url":"https://usn.ubuntu.com/7416-1/","reference_id":"USN-7416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49151?format=json","purl":"pkg:deb/debian/kamailio@5.1.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.1.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49137?format=json","purl":"pkg:deb/debian/kamailio@5.4.4-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.4.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49130?format=json","purl":"pkg:deb/debian/kamailio@5.6.3-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.6.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49140?format=json","purl":"pkg:deb/debian/kamailio@6.0.1-1%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.0.1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49139?format=json","purl":"pkg:deb/debian/kamailio@6.1.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.1.3-2%3Fdistro=trixie"}],"aliases":["CVE-2018-14767"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-szjx-339s-qyb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203823?format=json","vulnerability_id":"VCID-vh68-urd8-rkg5","summary":"The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1590","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24708","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1590"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775681","reference_id":"775681","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775681"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49141?format=json","purl":"pkg:deb/debian/kamailio@4.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@4.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49137?format=json","purl":"pkg:deb/debian/kamailio@5.4.4-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.4.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49130?format=json","purl":"pkg:deb/debian/kamailio@5.6.3-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.6.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49140?format=json","purl":"pkg:deb/debian/kamailio@6.0.1-1%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.0.1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49139?format=json","purl":"pkg:deb/debian/kamailio@6.1.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.1.3-2%3Fdistro=trixie"}],"aliases":["CVE-2015-1590"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vh68-urd8-rkg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203186?format=json","vulnerability_id":"VCID-zatw-nd9a-4qab","summary":"Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7426","reference_id":"","reference_type":"","scores":[{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80843","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7426"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712083","reference_id":"712083","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712083"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49134?format=json","purl":"pkg:deb/debian/kamailio@4.0.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@4.0.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49137?format=json","purl":"pkg:deb/debian/kamailio@5.4.4-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.4.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49130?format=json","purl":"pkg:deb/debian/kamailio@5.6.3-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.6.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49140?format=json","purl":"pkg:deb/debian/kamailio@6.0.1-1%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95vp-4dhn-x7gp"},{"vulnerability":"VCID-jsty-qq73-63a5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.0.1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49139?format=json","purl":"pkg:deb/debian/kamailio@6.1.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@6.1.3-2%3Fdistro=trixie"}],"aliases":["CVE-2013-7426"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zatw-nd9a-4qab"}],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kamailio@5.6.3-2%3Fdistro=trixie"}