{"url":"http://public2.vulnerablecode.io/api/packages/5262?format=json","purl":"pkg:deb/debian/prosody@0.7.0-1squeeze1","type":"deb","namespace":"debian","name":"prosody","version":"0.7.0-1squeeze1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.12.3-1+deb12u1","latest_non_vulnerable_version":"0.12.3-1+deb12u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98698?format=json","vulnerability_id":"VCID-6jkq-68jn-vbf6","summary":"It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0217","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61744","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61793","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0217"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003696","reference_id":"1003696","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5270?format=json","purl":"pkg:deb/debian/prosody@0.11.2-1%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-v8a7-whdt-8yec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.11.2-1%252Bdeb10u4"}],"aliases":["CVE-2022-0217"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jkq-68jn-vbf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98697?format=json","vulnerability_id":"VCID-7gng-znmd-fybz","summary":"prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10847","reference_id":"","reference_type":"","scores":[{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.50096","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.50158","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10847"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10847","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10847"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900524","reference_id":"900524","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900524"},{"reference_url":"https://usn.ubuntu.com/USN-4834-1/","reference_id":"USN-USN-4834-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4834-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5267?format=json","purl":"pkg:deb/debian/prosody@0.9.7-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9fun-u67v-ukeg"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-r361-cy8g-z7b3"},{"vulnerability":"VCID-v8a7-whdt-8yec"},{"vulnerability":"VCID-yk2e-qwmd-r3hb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.9.7-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/5269?format=json","purl":"pkg:deb/debian/prosody@0.9.12-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-v8a7-whdt-8yec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.9.12-2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5270?format=json","purl":"pkg:deb/debian/prosody@0.11.2-1%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-v8a7-whdt-8yec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.11.2-1%252Bdeb10u4"}],"aliases":["CVE-2018-10847"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7gng-znmd-fybz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98690?format=json","vulnerability_id":"VCID-7zh2-6hq2-e7fn","summary":"Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service (data truncation) by sending a large amount of data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2531","reference_id":"","reference_type":"","scores":[{"value":"0.00767","scoring_system":"epss","scoring_elements":"0.73838","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00767","scoring_system":"epss","scoring_elements":"0.73875","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2531"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2531","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2531"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5264?format=json","purl":"pkg:deb/debian/prosody@0.8.2-4%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9fun-u67v-ukeg"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-r361-cy8g-z7b3"},{"vulnerability":"VCID-skgm-b471-pkae"},{"vulnerability":"VCID-te5t-7g5g-h3h1"},{"vulnerability":"VCID-v8a7-whdt-8yec"},{"vulnerability":"VCID-yk2e-qwmd-r3hb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.8.2-4%252Bdeb7u4"}],"aliases":["CVE-2011-2531"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7zh2-6hq2-e7fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98694?format=json","vulnerability_id":"VCID-9fun-u67v-ukeg","summary":"Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1231","reference_id":"","reference_type":"","scores":[{"value":"0.00741","scoring_system":"epss","scoring_elements":"0.73324","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00741","scoring_system":"epss","scoring_elements":"0.73361","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1232"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5264?format=json","purl":"pkg:deb/debian/prosody@0.8.2-4%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9fun-u67v-ukeg"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-r361-cy8g-z7b3"},{"vulnerability":"VCID-skgm-b471-pkae"},{"vulnerability":"VCID-te5t-7g5g-h3h1"},{"vulnerability":"VCID-v8a7-whdt-8yec"},{"vulnerability":"VCID-yk2e-qwmd-r3hb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.8.2-4%252Bdeb7u4"},{"url":"http://public2.vulnerablecode.io/api/packages/5267?format=json","purl":"pkg:deb/debian/prosody@0.9.7-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9fun-u67v-ukeg"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-r361-cy8g-z7b3"},{"vulnerability":"VCID-v8a7-whdt-8yec"},{"vulnerability":"VCID-yk2e-qwmd-r3hb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.9.7-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/5268?format=json","purl":"pkg:deb/debian/prosody@0.9.12-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-v8a7-whdt-8yec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.9.12-1~bpo8%252B1"}],"aliases":["CVE-2016-1231"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9fun-u67v-ukeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5509?format=json","vulnerability_id":"VCID-9hnj-qfwy-t7bz","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32918","reference_id":"","reference_type":"","scores":[{"value":"0.04269","scoring_system":"epss","scoring_elements":"0.89017","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04269","scoring_system":"epss","scoring_elements":"0.89034","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32918"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32918","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32918"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32921"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668","reference_id":"988668","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668"},{"reference_url":"https://security.archlinux.org/ASA-202105-11","reference_id":"ASA-202105-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-11"},{"reference_url":"https://security.archlinux.org/AVG-1955","reference_id":"AVG-1955","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1955"},{"reference_url":"https://security.gentoo.org/glsa/202105-15","reference_id":"GLSA-202105-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5270?format=json","purl":"pkg:deb/debian/prosody@0.11.2-1%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-v8a7-whdt-8yec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.11.2-1%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/196470?format=json","purl":"pkg:deb/debian/prosody@0.11.9-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3n9x-ukp7-3khs"},{"vulnerability":"VCID-5zvg-gbkm-7fb4"},{"vulnerability":"VCID-9q7k-rudh-fugc"},{"vulnerability":"VCID-wxmn-zer8-afet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.11.9-2%252Bdeb11u2"}],"aliases":["CVE-2021-32918"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hnj-qfwy-t7bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5510?format=json","vulnerability_id":"VCID-ape7-wbd4-f3fa","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32917","reference_id":"","reference_type":"","scores":[{"value":"0.04407","scoring_system":"epss","scoring_elements":"0.89196","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04407","scoring_system":"epss","scoring_elements":"0.89213","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32918","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32918"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32921"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668","reference_id":"988668","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668"},{"reference_url":"https://security.archlinux.org/ASA-202105-11","reference_id":"ASA-202105-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-11"},{"reference_url":"https://security.archlinux.org/AVG-1955","reference_id":"AVG-1955","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1955"},{"reference_url":"https://security.gentoo.org/glsa/202105-15","reference_id":"GLSA-202105-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5270?format=json","purl":"pkg:deb/debian/prosody@0.11.2-1%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-v8a7-whdt-8yec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.11.2-1%252Bdeb10u4"}],"aliases":["CVE-2021-32917"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ape7-wbd4-f3fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5508?format=json","vulnerability_id":"VCID-bvnn-cwwk-5ug8","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32919","reference_id":"","reference_type":"","scores":[{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57222","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57274","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32918","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32918"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32921"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668","reference_id":"988668","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668"},{"reference_url":"https://security.archlinux.org/ASA-202105-11","reference_id":"ASA-202105-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-11"},{"reference_url":"https://security.archlinux.org/AVG-1955","reference_id":"AVG-1955","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1955"},{"reference_url":"https://security.gentoo.org/glsa/202105-15","reference_id":"GLSA-202105-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5270?format=json","purl":"pkg:deb/debian/prosody@0.11.2-1%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-v8a7-whdt-8yec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.11.2-1%252Bdeb10u4"}],"aliases":["CVE-2021-32919"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvnn-cwwk-5ug8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98696?format=json","vulnerability_id":"VCID-d3u6-29xv-d3d7","summary":"Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s module.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18265","reference_id":"","reference_type":"","scores":[{"value":"0.01063","scoring_system":"epss","scoring_elements":"0.78002","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01063","scoring_system":"epss","scoring_elements":"0.7803","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18265"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875829","reference_id":"875829","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875829"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5269?format=json","purl":"pkg:deb/debian/prosody@0.9.12-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-v8a7-whdt-8yec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.9.12-2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5270?format=json","purl":"pkg:deb/debian/prosody@0.11.2-1%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-v8a7-whdt-8yec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.11.2-1%252Bdeb10u4"}],"aliases":["CVE-2017-18265"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3u6-29xv-d3d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/369712?format=json","vulnerability_id":"VCID-dqgn-tvzm-nyhq","summary":"regression update","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5270?format=json","purl":"pkg:deb/debian/prosody@0.11.2-1%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-v8a7-whdt-8yec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.11.2-1%252Bdeb10u4"}],"aliases":["DSA-5047-2 prosody"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dqgn-tvzm-nyhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/369710?format=json","vulnerability_id":"VCID-pf8t-h7qr-zke4","summary":"regression update","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5270?format=json","purl":"pkg:deb/debian/prosody@0.11.2-1%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-v8a7-whdt-8yec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.11.2-1%252Bdeb10u4"}],"aliases":["DSA-4916-2 prosody"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pf8t-h7qr-zke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98691?format=json","vulnerability_id":"VCID-qeey-pk5y-abc4","summary":"The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2532","reference_id":"","reference_type":"","scores":[{"value":"0.00535","scoring_system":"epss","scoring_elements":"0.67783","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00535","scoring_system":"epss","scoring_elements":"0.67823","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2532","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2532"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5264?format=json","purl":"pkg:deb/debian/prosody@0.8.2-4%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9fun-u67v-ukeg"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-r361-cy8g-z7b3"},{"vulnerability":"VCID-skgm-b471-pkae"},{"vulnerability":"VCID-te5t-7g5g-h3h1"},{"vulnerability":"VCID-v8a7-whdt-8yec"},{"vulnerability":"VCID-yk2e-qwmd-r3hb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.8.2-4%252Bdeb7u4"}],"aliases":["CVE-2011-2532"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qeey-pk5y-abc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5507?format=json","vulnerability_id":"VCID-qzwt-bgty-3bfr","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32920","reference_id":"","reference_type":"","scores":[{"value":"0.06773","scoring_system":"epss","scoring_elements":"0.91465","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06773","scoring_system":"epss","scoring_elements":"0.91478","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32918","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32918"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32921"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668","reference_id":"988668","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668"},{"reference_url":"https://security.archlinux.org/ASA-202105-11","reference_id":"ASA-202105-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-11"},{"reference_url":"https://security.archlinux.org/AVG-1955","reference_id":"AVG-1955","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1955"},{"reference_url":"https://security.gentoo.org/glsa/202105-15","reference_id":"GLSA-202105-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5270?format=json","purl":"pkg:deb/debian/prosody@0.11.2-1%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-v8a7-whdt-8yec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.11.2-1%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/196470?format=json","purl":"pkg:deb/debian/prosody@0.11.9-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3n9x-ukp7-3khs"},{"vulnerability":"VCID-5zvg-gbkm-7fb4"},{"vulnerability":"VCID-9q7k-rudh-fugc"},{"vulnerability":"VCID-wxmn-zer8-afet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.11.9-2%252Bdeb11u2"}],"aliases":["CVE-2021-32920"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qzwt-bgty-3bfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98695?format=json","vulnerability_id":"VCID-r361-cy8g-z7b3","summary":"The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1232","reference_id":"","reference_type":"","scores":[{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72571","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72611","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1232"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5264?format=json","purl":"pkg:deb/debian/prosody@0.8.2-4%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9fun-u67v-ukeg"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-r361-cy8g-z7b3"},{"vulnerability":"VCID-skgm-b471-pkae"},{"vulnerability":"VCID-te5t-7g5g-h3h1"},{"vulnerability":"VCID-v8a7-whdt-8yec"},{"vulnerability":"VCID-yk2e-qwmd-r3hb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.8.2-4%252Bdeb7u4"},{"url":"http://public2.vulnerablecode.io/api/packages/5267?format=json","purl":"pkg:deb/debian/prosody@0.9.7-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9fun-u67v-ukeg"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-r361-cy8g-z7b3"},{"vulnerability":"VCID-v8a7-whdt-8yec"},{"vulnerability":"VCID-yk2e-qwmd-r3hb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.9.7-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/5268?format=json","purl":"pkg:deb/debian/prosody@0.9.12-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-v8a7-whdt-8yec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.9.12-1~bpo8%252B1"}],"aliases":["CVE-2016-1232"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r361-cy8g-z7b3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98692?format=json","vulnerability_id":"VCID-skgm-b471-pkae","summary":"Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an \"xmppbomb\" attack, related to core/portmanager.lua and util/xmppstream.lua.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2745","reference_id":"","reference_type":"","scores":[{"value":"0.02179","scoring_system":"epss","scoring_elements":"0.8466","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02179","scoring_system":"epss","scoring_elements":"0.84684","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2745"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5264?format=json","purl":"pkg:deb/debian/prosody@0.8.2-4%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9fun-u67v-ukeg"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-r361-cy8g-z7b3"},{"vulnerability":"VCID-skgm-b471-pkae"},{"vulnerability":"VCID-te5t-7g5g-h3h1"},{"vulnerability":"VCID-v8a7-whdt-8yec"},{"vulnerability":"VCID-yk2e-qwmd-r3hb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.8.2-4%252Bdeb7u4"},{"url":"http://public2.vulnerablecode.io/api/packages/5266?format=json","purl":"pkg:deb/debian/prosody@0.9.7-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9fun-u67v-ukeg"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-r361-cy8g-z7b3"},{"vulnerability":"VCID-v8a7-whdt-8yec"},{"vulnerability":"VCID-yk2e-qwmd-r3hb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.9.7-2"}],"aliases":["CVE-2014-2745"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-skgm-b471-pkae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92481?format=json","vulnerability_id":"VCID-te5t-7g5g-h3h1","summary":"plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an \"xmppbomb\" attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2744","reference_id":"","reference_type":"","scores":[{"value":"0.02179","scoring_system":"epss","scoring_elements":"0.8466","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02179","scoring_system":"epss","scoring_elements":"0.84684","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2745"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5264?format=json","purl":"pkg:deb/debian/prosody@0.8.2-4%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9fun-u67v-ukeg"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-r361-cy8g-z7b3"},{"vulnerability":"VCID-skgm-b471-pkae"},{"vulnerability":"VCID-te5t-7g5g-h3h1"},{"vulnerability":"VCID-v8a7-whdt-8yec"},{"vulnerability":"VCID-yk2e-qwmd-r3hb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.8.2-4%252Bdeb7u4"},{"url":"http://public2.vulnerablecode.io/api/packages/5266?format=json","purl":"pkg:deb/debian/prosody@0.9.7-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9fun-u67v-ukeg"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-r361-cy8g-z7b3"},{"vulnerability":"VCID-v8a7-whdt-8yec"},{"vulnerability":"VCID-yk2e-qwmd-r3hb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.9.7-2"}],"aliases":["CVE-2014-2744"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-te5t-7g5g-h3h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5506?format=json","vulnerability_id":"VCID-v8a7-whdt-8yec","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32921","reference_id":"","reference_type":"","scores":[{"value":"0.04627","scoring_system":"epss","scoring_elements":"0.89459","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04627","scoring_system":"epss","scoring_elements":"0.89478","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32918","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32918"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32921"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668","reference_id":"988668","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668"},{"reference_url":"https://security.archlinux.org/ASA-202105-11","reference_id":"ASA-202105-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-11"},{"reference_url":"https://security.archlinux.org/AVG-1955","reference_id":"AVG-1955","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1955"},{"reference_url":"https://security.gentoo.org/glsa/202105-15","reference_id":"GLSA-202105-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5270?format=json","purl":"pkg:deb/debian/prosody@0.11.2-1%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-v8a7-whdt-8yec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.11.2-1%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/196470?format=json","purl":"pkg:deb/debian/prosody@0.11.9-2%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3n9x-ukp7-3khs"},{"vulnerability":"VCID-5zvg-gbkm-7fb4"},{"vulnerability":"VCID-9q7k-rudh-fugc"},{"vulnerability":"VCID-wxmn-zer8-afet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.11.9-2%252Bdeb11u2"}],"aliases":["CVE-2021-32921"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v8a7-whdt-8yec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98693?format=json","vulnerability_id":"VCID-yk2e-qwmd-r3hb","summary":"The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0756","reference_id":"","reference_type":"","scores":[{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.7201","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.72051","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0756"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5264?format=json","purl":"pkg:deb/debian/prosody@0.8.2-4%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9fun-u67v-ukeg"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-r361-cy8g-z7b3"},{"vulnerability":"VCID-skgm-b471-pkae"},{"vulnerability":"VCID-te5t-7g5g-h3h1"},{"vulnerability":"VCID-v8a7-whdt-8yec"},{"vulnerability":"VCID-yk2e-qwmd-r3hb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.8.2-4%252Bdeb7u4"},{"url":"http://public2.vulnerablecode.io/api/packages/5267?format=json","purl":"pkg:deb/debian/prosody@0.9.7-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9fun-u67v-ukeg"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-r361-cy8g-z7b3"},{"vulnerability":"VCID-v8a7-whdt-8yec"},{"vulnerability":"VCID-yk2e-qwmd-r3hb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.9.7-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/5268?format=json","purl":"pkg:deb/debian/prosody@0.9.12-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6jkq-68jn-vbf6"},{"vulnerability":"VCID-7gng-znmd-fybz"},{"vulnerability":"VCID-9hnj-qfwy-t7bz"},{"vulnerability":"VCID-ape7-wbd4-f3fa"},{"vulnerability":"VCID-bvnn-cwwk-5ug8"},{"vulnerability":"VCID-d3u6-29xv-d3d7"},{"vulnerability":"VCID-dqgn-tvzm-nyhq"},{"vulnerability":"VCID-pf8t-h7qr-zke4"},{"vulnerability":"VCID-qzwt-bgty-3bfr"},{"vulnerability":"VCID-v8a7-whdt-8yec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.9.12-1~bpo8%252B1"}],"aliases":["CVE-2016-0756"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yk2e-qwmd-r3hb"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/prosody@0.7.0-1squeeze1"}